CVE-2002-0236 - OpenCVE

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lucent	Vitalanalysis Vitalevent Vitalhelp Vitalnet Vitalsuite

Configuration 1 [-]

OR	cpe:2.3:a:lucent:vitalanalysis:8.0:::::::*
	cpe:2.3:a:lucent:vitalanalysis:8.1:::::::*
	cpe:2.3:a:lucent:vitalanalysis:8.2:::::::*
	cpe:2.3:a:lucent:vitalevent:8.0:::::::*
	cpe:2.3:a:lucent:vitalevent:8.1:::::::*
	cpe:2.3:a:lucent:vitalevent:8.2:::::::*
	cpe:2.3:a:lucent:vitalhelp:8.0:::::::*
	cpe:2.3:a:lucent:vitalhelp:8.1:::::::*
	cpe:2.3:a:lucent:vitalhelp:8.2:::::::*
	cpe:2.3:a:lucent:vitalnet:8.0:::::::*
	cpe:2.3:a:lucent:vitalnet:8.1:::::::*
	cpe:2.3:a:lucent:vitalnet:8.2:::::::*
	cpe:2.3:a:lucent:vitalsuite:8.0:::::::*
	cpe:2.3:a:lucent:vitalsuite:8.1:::::::*
	cpe:2.3:a:lucent:vitalsuite:8.2:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=101294507827698&w=2
http://www.iss.net/security_center/static/7936.php
http://www.securityfocus.com/bid/3784

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-05-03T04:00:00

Updated: 2024-08-08T02:42:28.607Z

Reserved: 2002-05-01T00:00:00

Link: CVE-2002-0236

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-05-29T04:00:00.000

Modified: 2016-10-18T02:17:23.540

Link: CVE-2002-0236

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3784", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3784"}, {"name": "20020205 Published Report of Vulnerability in Lucent VitalSuite Software", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=101294507827698&w=2"}, {"name": "vitalnet-unauth-access(7936)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7936.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0236", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3784", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3784"}, {"name": "20020205 Published Report of Vulnerability in Lucent VitalSuite Software", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=101294507827698&w=2"}, {"name": "vitalnet-unauth-access(7936)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7936.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:42:28.607Z"}, "title": "CVE Program Container", "references": [{"name": "3784", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3784"}, {"name": "20020205 Published Report of Vulnerability in Lucent VitalSuite Software", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=101294507827698&w=2"}, {"name": "vitalnet-unauth-access(7936)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7936.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0236", "datePublished": "2002-05-03T04:00:00", "dateReserved": "2002-05-01T00:00:00", "dateUpdated": "2024-08-08T02:42:28.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lucent:vitalanalysis:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC7645BD-591E-4709-A61E-EA7CF1815057", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalanalysis:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EE0D50E-FE92-4FC9-94AD-72A6563DD4FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalanalysis:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E012756-627D-4CE8-873B-0B776A84D436", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalevent:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3E6FC0D-6452-4739-A7B0-D140372293CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalevent:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AF07885-5F82-4D6B-A049-A1E70ABB1FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalevent:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AB2B0E1-160B-4244-9AFC-46FE95F3BEBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalhelp:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C68E925D-BC65-4937-A84D-E60A627A41FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalhelp:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EDF2050-6AA3-40EB-9371-61880C5F0408", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalhelp:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0359D82-7D52-4EC2-83BB-B5B360258F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalnet:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEE6EBB4-4156-4760-AEC7-691517A6198A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalnet:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9434843-2FFD-49AA-A2BD-9B15325738BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalnet:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D78F09FD-A4A6-44C7-B316-BC626E3E9954", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalsuite:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C91C8D0F-3CE8-483C-9FCF-A6A3AAC9CF42", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalsuite:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "491A9D11-EED8-404F-A31D-A8545D2DF950", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucent:vitalsuite:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC23C2DE-B138-4E4F-819C-6CF0D51A1E87", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user."}, {"lang": "es", "value": "Lucent VitalSuite 8.0 hasta 8.2, incluyendo VitalNet, VitalEvent, y VitalHelp/VitalAnalysis, permite a atacantes remotos que se salten la autentificaci\u00f3n por medio de una petici\u00f3n HTTP directa al programa VsSetCookie.exe, el cual retorna una cookie v\u00e1lida para el usuario deseado."}], "id": "CVE-2002-0236", "lastModified": "2016-10-18T02:17:23.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-05-29T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=101294507827698&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7936.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3784"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}