Vulnerability CVE-2012-3268


Published: 2013-02-01

Description:
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

See advisories in our WLB2 database:
Topic
Author
Date
High
HP/H3C and Huawei SNMP Weak Access to Critical Data
Kurt Grutzmacher
24.10.2012

Type:

CWE-200

(Information Exposure)

Vendor: Huawei
Product: Ne5000e 
Version:
v800r003
v800r002
v300r007
See more versions on NVD
Product: ME60 
Version:
v600r005c00spc600
v600r003
v600r002
v100r006
v100r005
See more versions on NVD
Product: Ne20e-x6 
Version: v600r003;
Product: Ne40e&80e 
Version:
v600r003
v600r002
v600r001
v300r003
See more versions on NVD
Product: Cx600 
Version:
v600r003
v600r002
v600r001
v200r002
See more versions on NVD
Product: Ne40&80 
Version: v300r005;
Product: -ma5200g 
Version: v300r003;
Product: NE20 
Version: v200r005;
Product: Ma5200g 
Version: v200r003;
Product: ATN 
Version: v200r001c01;
Product: ATB 
Version: v200r001c00;
Vendor: HP
Product: Msr 30-20 router host 
Version: rtvz33020as;
Product: Rt-sr66-rpe-x1-h3 
Version: rpe-x1;
Product: S9500e secblade vpn firewall module 
Version: lsr1fw2a1;
Product: S7510e 768 gbps fabric 
Version: lsq1srpd0;
Product: S7500e secblade vpn firewall module 
Version: lsq1fwbsc0;
Product: 12518 dc switch chassis 
Version: juc653a;
Product: 12508 switch chassis 
Version: jr431b;
Product: 12518 switch chassis 
Version: jr430b;
Product: 4210-16 switch 
Version: jr024a;
Product: 5830 cto built switch 
Version: jg478a;
Product: 1910-8g-poe+ (180w) switch 
Version: jg350a;
Product: 1910-8g-poe+ (65w) switch 
Version: jg349a;
Product: 1910-8g switch 
Version: jg348a;
Product: 3100-48 v2 switch 
Version: jg315a;
Product: 5500-48g-4sfp hi switch with 2 interface slots 
Version: jg312a;
Product: 5500-24g-4sfp hi switch with 2 interface slots 
Version: jg311a;
Product: 3600-48-poe+ v2 si switch 
Version: jg307a;
Product: 3600-48 v2 si switch 
Version: jg305a;
Product: 3600-24 v2 si switch 
Version: jg304a;
Product: 3600-24-sfp v2 ei switch 
Version: jg303a;
Product: 3600-48-poe+ v2 ei switch 
Version: jg302a;
Product: 3600-24-poe+ v2 ei switch 
Version: jg301a;
Product: 3600-48 v2 ei switch 
Version: jg300a;
Product: 3600-24 v2 ei switch 
Version: jg299a;
Product: 5800-48g taa-compliant switch with 1 interface slot 
Version: jg258a;
Product: 5800-48g-poe+ taa-compliant switch with 1 interface slot 
Version: jg257a;
Product: 5800-24g-sfp taa-compliant switch with 1 interface slot 
Version: jg256a;
Product: 5800-24g taa-compliant switch 
Version: jg255a;
Product: 5800-24g-poe+ taa-compliant switch 
Version: jg254a;
Product: 5500-48g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg253a;
Product: 5500-24g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg252a;
Product: 5500-48g ei taa-compliant switch with 2 interface slots 
Version: jg251a;
Product: 5500-24g ei taa-compliant switch with 2 interface slots 
Version: jg250a;
Product: 5500-24g-sfp ei taa-compliant switch with 2 interface slots 
Version: jg249a;
Product: 5120-48g-poe+ ei taa-compliant switch with 2 slots 
Version: jg248a;
Product: 5120-24g-poe+ ei taa-compliant switch with 2 slots 
Version: jg247a;
Product: 5120-48g ei taa-compliant switch with 2 interface slots 
Version: jg246a;
Product: 5120-24g ei taa-compliant switch with 2 interface slots 
Version: jg245a;
Product: 5800-48g-poe+ taa-compliant switch with 2 interface slots 
Version: jg242a;
Product: 5500-24g-poe+ ei switch with 2 interface slots 
Version: jg241a;
Product: 5500-48g-poe+ ei switch with 2 interface slots 
Version: jg240a;
Product: 5500-48g-poe+ si switch with 2 interface slots 
Version: jg239a;
Product: 5500-24g-poe+ si switch with 2 interface slots 
Version: jg238a;
Product: 5120-48g-poe+ ei switch with 2 interface slots 
Version: jg237a;
Product: 5120-24g-poe+ ei switch with 2 interface slots 
Version: jg236a;
Product: 5800af-48g switch 
Version: jg225a;
Product: 3100-24 v2 si switch 
Version: jg223a;
Product: 3100-16 v2 si switch 
Version: jg222a;
Product: 3100-8 v2 si switch 
Version: jg221a;
Product: F5000 firewall main processing unit 
Version: jg215a;
Product: F1000-ei vpn firewall appliance 
Version: jg214a;
Product: F1000-s-ei vpn firewall appliance 
Version: jg213a;
Product: Msr20-13-w router (na) 
Version: jg210a;
Product: Msr20-12-t-w router (na) 
Version: jg209a;
Product: Msr920-w router (na) 
Version: jg208a;
Product: Msr900-w router (na) 
Version: jg207a;
Product: Msr30-10 dc router 
Version: jg184a;
Product: Msr30-11f router 
Version: jg183a;
Product: Msr30-11e router 
Version: jg182a;
Product: 5120-24g-poe+ (170w) si switch 
Version: jg092a;
Product: -5120-24g-poe+ (370w) si switch 
Version: jg091a;
Product: A3100-26c-epon-ei switch 
Version: jg059a;
Product: 4510-24g switch 
Version: jf847a;
Product: 4210-24g-poe switch 
Version: jf846a;
Product: 4210-48g switch 
Version: jf845a;
Product: 4210-24g switch 
Version: jf844a;
Product: Msr20-15 router 
Version: jf817a;
Product: Msr30-10 router 
Version: jf816a;
Product: Msr920 2-port fe wan / 8-port fe lan / 802.11b/g router 
Version: jf815a;
Product: Msr900-w router 
Version: jf814a;
Product: Msr920 router 
Version: jf813a;
Product: Msr900 2-port fe wan / 4-port fe lan router 
Version: jf812a;
Product: Msr20-15-a-w router 
Version: jf809a;
Product: Msr20-13-w router 
Version: jf808a;
Product: Msr20-12-w router 
Version: jf807a;
Product: Msr20-12-t router 
Version: jf806a;
Product: Msr30-60 poe router 
Version: jf804a;

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
http://www.kb.cert.org/vuls/id/225404
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
http://www.securityfocus.com/bid/56183
http://www.securitytracker.com/id?1027694

Related CVE
CVE-2018-6494
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
CVE-2018-6493
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injec...
CVE-2018-6492
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability ...
CVE-2018-6490
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
CVE-2017-8984
A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.
CVE-2017-8983
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
CVE-2017-8982
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
CVE-2017-8981
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

Copyright 2018, cxsecurity.com

 

Back to Top