Lucene search

[email protected]CVE-2002-1974

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-1974

2022-10-0316:23:47

[email protected]

web.nvd.nist.gov

ftp service

zaurus pdas

sl-5000d

sl-5500

authentication bypass

file system access

remote exploit

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.

Affected configurations

NVD

Node

sharpzaurusMatchsl-5000d

sharpzaurusMatchsl-5500

CPENameOperatorVersion
sharp:zaurussharp zauruseqsl-5000d
sharp:zaurussharp zauruseqsl-5500

CPE	Name	Operator	Version
sharp:zaurus	sharp zaurus	eq	sl-5000d
sharp:zaurus	sharp zaurus	eq	sl-5500

References

online.securityfocus.com/archive/1/281437

www.iss.net/security_center/static/9534.php

www.securityfocus.com/archive/1/281549

www.securityfocus.com/archive/1/281652

www.securityfocus.com/bid/5200

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for CVE-2002-1974

nessus1 nvd1 cvelist1