Vulnerability CVE-2012-3268


Published: 2013-02-01

Description:
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

See advisories in our WLB2 database:
Topic: HP/H3C and Huawei SNMP Weak Access to Critical Data
Risk: High
Author: Kurt Grutzmacher
Date: 24.10.2012

Type: CWE-200 (Information Exposure)

Vendor: Huawei
Product: Ne5000e 
Version:
v800r003
v800r002
v300r007
See more versions on NVD
Product: ME60 
Version:
v600r005c00spc600
v600r003
v600r002
v100r006
v100r005
See more versions on NVD
Product: Ne20e-x6 
Version: v600r003;
Product: Ne40e&80e 
Version:
v600r003
v600r002
v600r001
v300r003
See more versions on NVD
Product: Cx600 
Version:
v600r003
v600r002
v600r001
v200r002
See more versions on NVD
Product: Ne40&80 
Version: v300r005;
Product: -ma5200g 
Version: v300r003;
Product: NE20 
Version: v200r005;
Product: Ma5200g 
Version: v200r003;
Product: ATN 
Version: v200r001c01;
Product: ATB 
Version: v200r001c00;
Vendor: HP
Product: Msr 30-20 router host 
Version: rtvz33020as;
Product: Rt-sr66-rpe-x1-h3 
Version: rpe-x1;
Product: S9500e secblade vpn firewall module 
Version: lsr1fw2a1;
Product: S7510e 768 gbps fabric 
Version: lsq1srpd0;
Product: S7500e secblade vpn firewall module 
Version: lsq1fwbsc0;
Product: 12518 dc switch chassis 
Version: juc653a;
Product: 12508 switch chassis 
Version: jr431b;
Product: 12518 switch chassis 
Version: jr430b;
Product: 4210-16 switch 
Version: jr024a;
Product: 5830 cto built switch 
Version: jg478a;
Product: 1910-8g-poe+ (180w) switch 
Version: jg350a;
Product: 1910-8g-poe+ (65w) switch 
Version: jg349a;
Product: 1910-8g switch 
Version: jg348a;
Product: 3100-48 v2 switch 
Version: jg315a;
Product: 5500-48g-4sfp hi switch with 2 interface slots 
Version: jg312a;
Product: 5500-24g-4sfp hi switch with 2 interface slots 
Version: jg311a;
Product: 3600-48-poe+ v2 si switch 
Version: jg307a;
Product: 3600-48 v2 si switch 
Version: jg305a;
Product: 3600-24 v2 si switch 
Version: jg304a;
Product: 3600-24-sfp v2 ei switch 
Version: jg303a;
Product: 3600-48-poe+ v2 ei switch 
Version: jg302a;
Product: 3600-24-poe+ v2 ei switch 
Version: jg301a;
Product: 3600-48 v2 ei switch 
Version: jg300a;
Product: 3600-24 v2 ei switch 
Version: jg299a;
Product: 5800-48g taa-compliant switch with 1 interface slot 
Version: jg258a;
Product: 5800-48g-poe+ taa-compliant switch with 1 interface slot 
Version: jg257a;
Product: 5800-24g-sfp taa-compliant switch with 1 interface slot 
Version: jg256a;
Product: 5800-24g taa-compliant switch 
Version: jg255a;
Product: 5800-24g-poe+ taa-compliant switch 
Version: jg254a;
Product: 5500-48g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg253a;
Product: 5500-24g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg252a;
Product: 5500-48g ei taa-compliant switch with 2 interface slots 
Version: jg251a;
Product: 5500-24g ei taa-compliant switch with 2 interface slots 
Version: jg250a;
Product: 5500-24g-sfp ei taa-compliant switch with 2 interface slots 
Version: jg249a;
Product: 5120-48g-poe+ ei taa-compliant switch with 2 slots 
Version: jg248a;
Product: 5120-24g-poe+ ei taa-compliant switch with 2 slots 
Version: jg247a;
Product: 5120-48g ei taa-compliant switch with 2 interface slots 
Version: jg246a;
Product: 5120-24g ei taa-compliant switch with 2 interface slots 
Version: jg245a;
Product: 5800-48g-poe+ taa-compliant switch with 2 interface slots 
Version: jg242a;
Product: 5500-24g-poe+ ei switch with 2 interface slots 
Version: jg241a;
Product: 5500-48g-poe+ ei switch with 2 interface slots 
Version: jg240a;
Product: 5500-48g-poe+ si switch with 2 interface slots 
Version: jg239a;
Product: 5500-24g-poe+ si switch with 2 interface slots 
Version: jg238a;
Product: 5120-48g-poe+ ei switch with 2 interface slots 
Version: jg237a;
Product: 5120-24g-poe+ ei switch with 2 interface slots 
Version: jg236a;
Product: 5800af-48g switch 
Version: jg225a;
Product: 3100-24 v2 si switch 
Version: jg223a;
Product: 3100-16 v2 si switch 
Version: jg222a;
Product: 3100-8 v2 si switch 
Version: jg221a;
Product: F5000 firewall main processing unit 
Version: jg215a;
Product: F1000-ei vpn firewall appliance 
Version: jg214a;
Product: F1000-s-ei vpn firewall appliance 
Version: jg213a;
Product: Msr20-13-w router (na) 
Version: jg210a;
Product: Msr20-12-t-w router (na) 
Version: jg209a;
Product: Msr920-w router (na) 
Version: jg208a;
Product: Msr900-w router (na) 
Version: jg207a;
Product: Msr30-10 dc router 
Version: jg184a;
Product: Msr30-11f router 
Version: jg183a;
Product: Msr30-11e router 
Version: jg182a;
Product: 5120-24g-poe+ (170w) si switch 
Version: jg092a;
Product: -5120-24g-poe+ (370w) si switch 
Version: jg091a;
Product: A3100-26c-epon-ei switch 
Version: jg059a;
Product: 4510-24g switch 
Version: jf847a;
Product: 4210-24g-poe switch 
Version: jf846a;
Product: 4210-48g switch 
Version: jf845a;
Product: 4210-24g switch 
Version: jf844a;
Product: Msr20-15 router 
Version: jf817a;
Product: Msr30-10 router 
Version: jf816a;
Product: Msr920 2-port fe wan / 8-port fe lan / 802.11b/g router 
Version: jf815a;
Product: Msr900-w router 
Version: jf814a;
Product: Msr920 router 
Version: jf813a;
Product: Msr900 2-port fe wan / 4-port fe lan router 
Version: jf812a;
Product: Msr20-15-a-w router 
Version: jf809a;
Product: Msr20-13-w router 
Version: jf808a;
Product: Msr20-12-w router 
Version: jf807a;
Product: Msr20-12-t router 
Version: jf806a;
Product: Msr30-60 poe router 
Version: jf804a;

CVSS2 vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Base Score: 8.5/10
Impact Subscore: 10/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
http://www.kb.cert.org/vuls/id/225404
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
http://www.securityfocus.com/bid/56183
http://www.securitytracker.com/id?1027694

Related CVE
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. Th...
CVE-2019-5407
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5406
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5405
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5403
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5402
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5401
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). B...

Copyright 2019, cxsecurity.com

 
