CVE-2004-0311

Current Description

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.

Basic Data

PublishedNovember 23, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareApcAp96063.0*******
    2.3HardwareApcAp96063.0.1*******

Vulnerable Software List

VendorProductVersions
Apc Ap9606 3.0, 3.0.1

References

NameSourceURLTags
20040216 APC 9606 SmartSlot Web/SNMP management card "backdoor"http://marc.info/?l=bugtraq&m=107703696631367&w=2BUGTRAQ
20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor"http://marc.info/?l=bugtraq&m=107721020803565&w=2BUGTRAQ
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129CONFIRM
9681http://www.securityfocus.com/bid/9681BIDPATCH Vendor Advisory
apc-smartslot-default-password(15238)https://exchange.xforce.ibmcloud.com/vulnerabilities/15238XF