Vulnerability CVE-2012-3268


Published: 2013-02-01

Description:
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

See advisories in our WLB2 database:
Topic
Author
Date
High
HP/H3C and Huawei SNMP Weak Access to Critical Data
Kurt Grutzmacher
24.10.2012

Type:

CWE-200

(Information Exposure)

Vendor: Huawei
Product: Ne5000e 
Version:
v800r003
v800r002
v300r007
See more versions on NVD
Product: ME60 
Version:
v600r005c00spc600
v600r003
v600r002
v100r006
v100r005
See more versions on NVD
Product: Ne20e-x6 
Version: v600r003;
Product: Ne40e&80e 
Version:
v600r003
v600r002
v600r001
v300r003
See more versions on NVD
Product: Cx600 
Version:
v600r003
v600r002
v600r001
v200r002
See more versions on NVD
Product: Ne40&80 
Version: v300r005;
Product: -ma5200g 
Version: v300r003;
Product: NE20 
Version: v200r005;
Product: Ma5200g 
Version: v200r003;
Product: ATN 
Version: v200r001c01;
Product: ATB 
Version: v200r001c00;
Vendor: HP
Product: Msr 30-20 router host 
Version: rtvz33020as;
Product: Rt-sr66-rpe-x1-h3 
Version: rpe-x1;
Product: S9500e secblade vpn firewall module 
Version: lsr1fw2a1;
Product: S7510e 768 gbps fabric 
Version: lsq1srpd0;
Product: S7500e secblade vpn firewall module 
Version: lsq1fwbsc0;
Product: 12518 dc switch chassis 
Version: juc653a;
Product: 12508 switch chassis 
Version: jr431b;
Product: 12518 switch chassis 
Version: jr430b;
Product: 4210-16 switch 
Version: jr024a;
Product: 5830 cto built switch 
Version: jg478a;
Product: 1910-8g-poe+ (180w) switch 
Version: jg350a;
Product: 1910-8g-poe+ (65w) switch 
Version: jg349a;
Product: 1910-8g switch 
Version: jg348a;
Product: 3100-48 v2 switch 
Version: jg315a;
Product: 5500-48g-4sfp hi switch with 2 interface slots 
Version: jg312a;
Product: 5500-24g-4sfp hi switch with 2 interface slots 
Version: jg311a;
Product: 3600-48-poe+ v2 si switch 
Version: jg307a;
Product: 3600-48 v2 si switch 
Version: jg305a;
Product: 3600-24 v2 si switch 
Version: jg304a;
Product: 3600-24-sfp v2 ei switch 
Version: jg303a;
Product: 3600-48-poe+ v2 ei switch 
Version: jg302a;
Product: 3600-24-poe+ v2 ei switch 
Version: jg301a;
Product: 3600-48 v2 ei switch 
Version: jg300a;
Product: 3600-24 v2 ei switch 
Version: jg299a;
Product: 5800-48g taa-compliant switch with 1 interface slot 
Version: jg258a;
Product: 5800-48g-poe+ taa-compliant switch with 1 interface slot 
Version: jg257a;
Product: 5800-24g-sfp taa-compliant switch with 1 interface slot 
Version: jg256a;
Product: 5800-24g taa-compliant switch 
Version: jg255a;
Product: 5800-24g-poe+ taa-compliant switch 
Version: jg254a;
Product: 5500-48g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg253a;
Product: 5500-24g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg252a;
Product: 5500-48g ei taa-compliant switch with 2 interface slots 
Version: jg251a;
Product: 5500-24g ei taa-compliant switch with 2 interface slots 
Version: jg250a;
Product: 5500-24g-sfp ei taa-compliant switch with 2 interface slots 
Version: jg249a;
Product: 5120-48g-poe+ ei taa-compliant switch with 2 slots 
Version: jg248a;
Product: 5120-24g-poe+ ei taa-compliant switch with 2 slots 
Version: jg247a;
Product: 5120-48g ei taa-compliant switch with 2 interface slots 
Version: jg246a;
Product: 5120-24g ei taa-compliant switch with 2 interface slots 
Version: jg245a;
Product: 5800-48g-poe+ taa-compliant switch with 2 interface slots 
Version: jg242a;
Product: 5500-24g-poe+ ei switch with 2 interface slots 
Version: jg241a;
Product: 5500-48g-poe+ ei switch with 2 interface slots 
Version: jg240a;
Product: 5500-48g-poe+ si switch with 2 interface slots 
Version: jg239a;
Product: 5500-24g-poe+ si switch with 2 interface slots 
Version: jg238a;
Product: 5120-48g-poe+ ei switch with 2 interface slots 
Version: jg237a;
Product: 5120-24g-poe+ ei switch with 2 interface slots 
Version: jg236a;
Product: 5800af-48g switch 
Version: jg225a;
Product: 3100-24 v2 si switch 
Version: jg223a;
Product: 3100-16 v2 si switch 
Version: jg222a;
Product: 3100-8 v2 si switch 
Version: jg221a;
Product: F5000 firewall main processing unit 
Version: jg215a;
Product: F1000-ei vpn firewall appliance 
Version: jg214a;
Product: F1000-s-ei vpn firewall appliance 
Version: jg213a;
Product: Msr20-13-w router (na) 
Version: jg210a;
Product: Msr20-12-t-w router (na) 
Version: jg209a;
Product: Msr920-w router (na) 
Version: jg208a;
Product: Msr900-w router (na) 
Version: jg207a;
Product: Msr30-10 dc router 
Version: jg184a;
Product: Msr30-11f router 
Version: jg183a;
Product: Msr30-11e router 
Version: jg182a;
Product: 5120-24g-poe+ (170w) si switch 
Version: jg092a;
Product: -5120-24g-poe+ (370w) si switch 
Version: jg091a;
Product: A3100-26c-epon-ei switch 
Version: jg059a;
Product: 4510-24g switch 
Version: jf847a;
Product: 4210-24g-poe switch 
Version: jf846a;
Product: 4210-48g switch 
Version: jf845a;
Product: 4210-24g switch 
Version: jf844a;
Product: Msr20-15 router 
Version: jf817a;
Product: Msr30-10 router 
Version: jf816a;
Product: Msr920 2-port fe wan / 8-port fe lan / 802.11b/g router 
Version: jf815a;
Product: Msr900-w router 
Version: jf814a;
Product: Msr920 router 
Version: jf813a;
Product: Msr900 2-port fe wan / 4-port fe lan router 
Version: jf812a;
Product: Msr20-15-a-w router 
Version: jf809a;
Product: Msr20-13-w router 
Version: jf808a;
Product: Msr20-12-w router 
Version: jf807a;
Product: Msr20-12-t router 
Version: jf806a;
Product: Msr30-60 poe router 
Version: jf804a;

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
http://www.kb.cert.org/vuls/id/225404
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
http://www.securityfocus.com/bid/56183
http://www.securitytracker.com/id?1027694

Related CVE
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
CVE-2018-5921
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow el...
CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in earl...
CVE-2018-9069
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVE-2018-7109
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

Copyright 2019, cxsecurity.com

 

Back to Top