Vulnerability CVE-2002-0250


Published: 2002-05-29   Modified: 2012-02-12

Description:
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Vendor: HP
Product: Advancestack 10base-t switching hub j3205a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3200a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3202a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3204a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3210a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3201a 
Version: a.03.07;
Product: Advancestack 10base-t switching hub j3203a 
Version: a.03.07;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://marc.info/?l=bugtraq&m=101318469216213&w=2
http://online.securityfocus.com/advisories/3870
http://www.iss.net/security_center/static/8124.php
http://www.securityfocus.com/bid/4062

Related CVE
CVE-2018-7120
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege.
CVE-2018-5927
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
CVE-2018-5926
A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.
CVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
CVE-2017-2752
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as...
CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
CVE-2019-3484
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7.
CVE-2019-3483
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.

Copyright 2019, cxsecurity.com

 

Back to Top