Podatność CVE-2012-3268


Publikacja: 2013-02-01

Opis:
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
HP/H3C and Huawei SNMP Weak Access to Critical Data
Kurt Grutzmacher
24.10.2012

Typ:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
8.5/10
10/10
6.8/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Huawei -> Ne40&80 
Huawei -> Ne5000e 
Huawei -> Ne20e-x6 
Huawei -> -ma5200g 
Huawei -> NE20 
Huawei -> Cx600 
Huawei -> Ne40e&80e 
Huawei -> ME60 
Huawei -> ATN 
Huawei -> ATB 
Huawei -> Ma5200g 
HP -> S3610-28tp-model ls-3610-28tp-ovs 
HP -> A7500 384gbps fabric/main processing unit 
HP -> 4200g switch pwr 24-port 
HP -> S5120-20p-si l2 16ge plus 4sfp 
HP -> A9505 switch chassis 
HP -> 4210 switch 9-port taa 
HP -> E4210-16-poe switch 
HP -> 4500g pwr switch 48-port 
HP -> S7510e ethernet switch chassis with fan 
HP -> E4510-48g switch 
HP -> 4800g switch 24-port 
HP -> S7903e-s chassis kit w/ fans 
HP -> E5500-48-poe switch 
HP -> 5500-24g-poe+ ei switch with 2 interface slots 
HP -> Sr66 gigabit firewall module 
HP -> F1000-s-ei vpn firewall appliance 
HP -> 5500-48g-poe ei switch 
HP -> Wx3008 4 poe plus 
HP -> Msr 20-10 
HP -> 5500g-ei switch sfp 24-port 
HP -> Msr 30-16 poe 
HP -> 5820 vpn firewall modulejd255a 
HP -> Msr 50-40 chassis 
HP -> 7500 384gbps fabric module with 2 xfp ports 
HP -> Msr30-11e router 
HP -> 8805 router chassis 
HP -> Msr30-60 poe router 
HP -> A-msr20-15 a multi-service router 
HP -> Rt-msr2012-ac-ovs-h3 
HP -> A-wx5004 access controller 
HP -> 1910-48g switch 
HP -> Rt-msr3040-ac-ovs-as-h3 
HP -> A3100-8 si switch 
HP -> 3100-16 dc ei switch 
HP -> S3100-16c-si-model ls-s3100-16c-si-ac-ovs 
HP -> A5100-16g ei switch 
HP -> 3100-8 ei switch 
HP -> S3100-8tp-ei-model ls-3100-8tp-ei-h3-a-o 
HP -> A5120-48g-poe ei 2-slot switch 
HP -> 3600-48-poe ei switch 
HP -> S3610-52p-model ls-3610-52p-ovs 
HP -> A7500 384gbps fabric/main processing unit with 2 10gbe xfp ports 
HP -> 4210-16 switch 
HP -> S5120-24p-ei 24ge plus 4combosfp 
HP -> A9508 switch chassis 
HP -> 4210 switch pwr 18-port 
HP -> E4210-16 switch 
HP -> 4500g pwr switch 48-port taa 
HP -> S9502 (ls-9502-ovs-h3) routing switch chassis 
HP -> E4800-24g-sfp switch 
HP -> 4800g switch 24-port sfp  
HP -> S9508 routing switch chassis 
HP -> E5500-48 ei (taa) switch 
HP -> 5500-24g-poe+ ei taa-compliant switch with 2 interface slots 
HP -> S7906e chassis kit w/ fans 
HP -> F5000 firewall main processing unit 
HP -> 5500-48g-poe si switch 
HP -> Sr8808 10g core router chassis 
HP -> Msr 20-11 
HP -> 5682 router 
HP -> Msr 30-20 
HP -> 5830 cto built switch 
HP -> Msr 50-40 router 
HP -> 7500 384gbps taa-compliant fabric / main processing unit 
HP -> Msr30-11f router 
HP -> 8807 7-slot chassis kit 
HP -> Msrr30-40 dc router 
HP -> A-msr20-15 aw multi-service router 
HP -> -5120-24g-poe+ (370w) si switch 
HP -> Rt-msr2012-ac-ovs-w-h3 
HP -> A12508 switch chassis 
HP -> 1910-8g-poe+ (180w) switch 
HP -> Rt-msr3040-ac-ovs-h 
HP -> A3100 (ls6mcfl1ub) ethernet switch 
HP -> 3100-16 ei switch 
HP -> S3100-16c-si-model ls-s3100-16c-si-dc-ovs 
HP -> A5100-16g si switch 
HP -> 3100-8 si switch 
HP -> S3100-8tp-ei-model ls-3100-8tp-ei-h3-d-o 
HP -> A5120-48g ei switch 
HP -> 3600-48-poe si switch 
HP -> S5100-16p-ei-model ls-5100-16p-ei-ovs-h3 
HP -> A7502 switch chassis 
HP -> 4210-24-poe switch 
HP -> S5120-28c-ei 24ge plus 4combo plus 2slt 
HP -> A9512 switch chassis 
HP -> 4210 switch pwr 26-port 
HP -> E4210-24 switch 
HP -> 4500g switch 24-port 

 Referencje:
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
http://www.kb.cert.org/vuls/id/225404
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
http://www.securityfocus.com/bid/56183
http://www.securitytracker.com/id?1027694

Copyright 2020, cxsecurity.com

 

Back to Top