CVE-2011-3997 - Vulnerability Details - OpenCVE

Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opengear	Acm5000 Console Server Cm4000 Console Server Im4004-5 Console Server Im4200 Console Server Img4000 Console Server Kcs6000 Rackside Console Server Opengear Console Server Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:a:opengear:opengear_console_server_firmware::::::::
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.4:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.4u1:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.6:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.8:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.9:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.1.0:::::::*
	cpe:2.3:a:opengear:opengear_console_server_firmware:2.1.0u1:::::::*

OR	cpe:2.3:h:opengear:acm5000_console_server::::::::
	cpe:2.3:h:opengear:cm4000_console_server::::::::
	cpe:2.3:h:opengear:im4004-5_console_server::::::::
	cpe:2.3:h:opengear:im4200_console_server::::::::
	cpe:2.3:h:opengear:img4000_console_server::::::::
	cpe:2.3:h:opengear:kcs6000_rackside_console_server::::::::

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN71349007/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2011-11-09T20:00:00Z

Updated: 2024-09-16T20:01:40.517Z

Reserved: 2011-10-05T00:00:00Z

Link: CVE-2011-3997

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-11-09T20:55:01.587

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3997

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-11-09T20:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2011-000096", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096"}, {"name": "JVN#71349007", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN71349007/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-3997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2011-000096", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096"}, {"name": "JVN#71349007", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71349007/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:53:32.597Z"}, "title": "CVE Program Container", "references": [{"name": "JVNDB-2011-000096", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096"}, {"name": "JVN#71349007", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN71349007/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2011-3997", "datePublished": "2011-11-09T20:00:00Z", "dateReserved": "2011-10-05T00:00:00Z", "dateUpdated": "2024-09-16T20:01:40.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3B39748-D797-4599-855C-6906D91CA5E9", "versionEndIncluding": "2.1.0u7", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "38B00DB4-FA1D-455B-BF53-DC93B447976F", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.4u1:*:*:*:*:*:*:*", "matchCriteriaId": "83A11D76-9091-4FC4-8DDA-79250620BBE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CFF8CBC0-5716-425C-985F-0C08D033196C", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F6163D4-400B-4CB5-9ED4-0A08D71A855D", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8B73C1C3-096F-4D2C-879E-418E8EE6CB02", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2F3BF03-8317-4918-BB56-454C6763A98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:opengear:opengear_console_server_firmware:2.1.0u1:*:*:*:*:*:*:*", "matchCriteriaId": "4E170378-7AAB-4327-B3E8-BA950BBC17EB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:opengear:acm5000_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CF7575-740B-42A7-B65B-8BBC8F950778", "vulnerable": true}, {"criteria": "cpe:2.3:h:opengear:cm4000_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "41AE0FC0-1715-4086-925F-9BB3218BDB69", "vulnerable": true}, {"criteria": "cpe:2.3:h:opengear:im4004-5_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95AD04A-6832-4EEE-9A38-96A324C15F45", "vulnerable": true}, {"criteria": "cpe:2.3:h:opengear:im4200_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A0FBE41-1103-4444-9440-1BF0A9A9D1BB", "vulnerable": true}, {"criteria": "cpe:2.3:h:opengear:img4000_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE4AC1B6-CC27-4AA6-8DD8-F2BB90F93AC6", "vulnerable": true}, {"criteria": "cpe:2.3:h:opengear:kcs6000_rackside_console_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "99388420-B75A-4C94-A0FF-CA527358E635", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors."}, {"lang": "es", "value": "Opengear console con firmware anterior a v2.2.1, permite a atacantes remotos evitar la autenticaci\u00f3n y modificar caracter\u00edsticas o acceder a equipos conectados a trav\u00e9s de vectores no especificados."}], "id": "CVE-2011-3997", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-09T20:55:01.587", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN71349007/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN71349007/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}