CVE-2005-2329

MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securitytracker.com/id?1014517
http://www.securityfocus.com/archive/1/405546	Exploit Vendor Advisory
http://www.securityfocus.com/bid/14300

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:mrv_communications:in_reach_lx_1000s:3.5:::::::*
	cpe:2.3:h:mrv_communications:in_reach_lx_4000s:3.5:::::::*
	cpe:2.3:h:mrv_communications:in_reach_lx_8000s:3.5:::::::*

History

No history.

Information

Published : 2005-07-20 04:00

Updated : 2024-02-04 16:52

NVD link : CVE-2005-2329

Mitre link : CVE-2005-2329

CVE.ORG link : CVE-2005-2329

JSON object : View

Products Affected

mrv_communications

in_reach_lx_1000s
in_reach_lx_8000s
in_reach_lx_4000s

CWE

NVD-CWE-Other

{"id": "CVE-2005-2329", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-07-20T04:00:00.000", "references": [{"url": "http://securitytracker.com/id?1014517", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/405546", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14300", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users."}, {"lang": "es", "value": "MRV Communications In-Reach LX-8000S, LX-4000S, y LX-1000S 3.5.0 cuando usa autenficaci\u00f3n por clave p\u00fablica SSH, no restringe adecuadamente el acceso a los puertos, lo que permite que usuarios autenficados remotos accedan a las consolas de otros usuarios."}], "lastModified": "2008-09-05T20:51:29.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mrv_communications:in_reach_lx_1000s:3.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "438B33E3-FEB5-43F9-8671-E3F70F426C43"}, {"criteria": "cpe:2.3:h:mrv_communications:in_reach_lx_4000s:3.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E800F6D6-4079-4930-98A0-3700D847A72F"}, {"criteria": "cpe:2.3:h:mrv_communications:in_reach_lx_8000s:3.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DF16525-656A-47BA-9859-E9F13D6CF1C7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}