Vulnerability CVE-2002-0250


Published: 2002-05-29   Modified: 2012-02-12

Description:
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Vendor: HP
Product: Advancestack 10base-t switching hub j3205a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3200a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3202a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3204a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3210a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3201a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3203a 
Version: a.03.07;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://marc.info/?l=bugtraq&m=101318469216213&w=2
http://online.securityfocus.com/advisories/3870
http://www.iss.net/security_center/static/8124.php
http://www.securityfocus.com/bid/4062

Related CVE
CVE-2019-6333
A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touc...
CVE-2019-11656
Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2019-11655
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Copyright 2019, cxsecurity.com

 

Back to Top