Vulnerability CVE-2012-3268


Published: 2013-02-01   Modified: 2017-07-11

Description:
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

See advisories in our WLB2 database:
Topic
Author
Date
High
HP/H3C and Huawei SNMP Weak Access to Critical Data
Kurt Grutzmacher
24.10.2012

Vendor: Huawei
Product: Ne5000e 
Version:
v800r003
v800r002
v300r007
See more versions on NVD
Product: ME60 
Version:
v600r005c00spc600
v600r003
v600r002
v100r006
v100r005
See more versions on NVD
Product: Cx600 
Version:
v600r003
v600r002
v600r001
v200r002
See more versions on NVD
Product: Ne40e&80e 
Version:
v600r003
v600r002
v600r001
v300r003
See more versions on NVD
Product: Ne20e-x6 
Version: v600r003;
Product: Ne40&80 
Version: v300r005;
Product: -ma5200g 
Version: v300r003;
Product: NE20 
Version: v200r005;
Product: Ma5200g 
Version: v200r003;
Product: ATN 
Version: v200r001c01;
Product: ATB 
Version: v200r001c00;
Vendor: HP
Product: Msr 30-20 router host 
Version: rtvz33020as;
Product: Rt-sr66-rpe-x1-h3 
Version: rpe-x1;
Product: S9500e secblade vpn firewall module 
Version: lsr1fw2a1;
Product: S7510e 768 gbps fabric 
Version: lsq1srpd0;
Product: S7500e secblade vpn firewall module 
Version: lsq1fwbsc0;
Product: 12518 dc switch chassis 
Version: juc653a;
Product: 12508 switch chassis 
Version: jr431b;
Product: 12518 switch chassis 
Version: jr430b;
Product: 4210-16 switch 
Version: jr024a;
Product: 5830 cto built switch 
Version: jg478a;
Product: 1910-8g-poe+ (180w) switch 
Version: jg350a;
Product: 1910-8g-poe+ (65w) switch 
Version: jg349a;
Product: 1910-8g switch 
Version: jg348a;
Product: 3100-48 v2 switch 
Version: jg315a;
Product: 5500-48g-4sfp hi switch with 2 interface slots 
Version: jg312a;
Product: 5500-24g-4sfp hi switch with 2 interface slots 
Version: jg311a;
Product: 3600-48-poe+ v2 si switch 
Version: jg307a;
Product: 3600-48 v2 si switch 
Version: jg305a;
Product: 3600-24 v2 si switch 
Version: jg304a;
Product: 3600-24-sfp v2 ei switch 
Version: jg303a;
Product: 3600-48-poe+ v2 ei switch 
Version: jg302a;
Product: 3600-24-poe+ v2 ei switch 
Version: jg301a;
Product: 3600-48 v2 ei switch 
Version: jg300a;
Product: 3600-24 v2 ei switch 
Version: jg299a;
Product: 5800-48g taa-compliant switch with 1 interface slot 
Version: jg258a;
Product: 5800-48g-poe+ taa-compliant switch with 1 interface slot 
Version: jg257a;
Product: 5800-24g-sfp taa-compliant switch with 1 interface slot 
Version: jg256a;
Product: 5800-24g taa-compliant switch 
Version: jg255a;
Product: 5800-24g-poe+ taa-compliant switch 
Version: jg254a;
Product: 5500-48g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg253a;
Product: 5500-24g-poe+ ei taa-compliant switch with 2 interface slots 
Version: jg252a;
Product: 5500-48g ei taa-compliant switch with 2 interface slots 
Version: jg251a;
Product: 5500-24g ei taa-compliant switch with 2 interface slots 
Version: jg250a;
Product: 5500-24g-sfp ei taa-compliant switch with 2 interface slots 
Version: jg249a;
Product: 5120-48g-poe+ ei taa-compliant switch with 2 slots 
Version: jg248a;
Product: 5120-24g-poe+ ei taa-compliant switch with 2 slots 
Version: jg247a;
Product: 5120-48g ei taa-compliant switch with 2 interface slots 
Version: jg246a;
Product: 5120-24g ei taa-compliant switch with 2 interface slots 
Version: jg245a;
Product: 5800-48g-poe+ taa-compliant switch with 2 interface slots 
Version: jg242a;
Product: 5500-24g-poe+ ei switch with 2 interface slots 
Version: jg241a;
Product: 5500-48g-poe+ ei switch with 2 interface slots 
Version: jg240a;
Product: 5500-48g-poe+ si switch with 2 interface slots 
Version: jg239a;
Product: 5500-24g-poe+ si switch with 2 interface slots 
Version: jg238a;
Product: 5120-48g-poe+ ei switch with 2 interface slots 
Version: jg237a;
Product: 5120-24g-poe+ ei switch with 2 interface slots 
Version: jg236a;
Product: 5800af-48g switch 
Version: jg225a;
Product: 3100-24 v2 si switch 
Version: jg223a;
Product: 3100-16 v2 si switch 
Version: jg222a;
Product: 3100-8 v2 si switch 
Version: jg221a;
Product: F5000 firewall main processing unit 
Version: jg215a;
Product: F1000-ei vpn firewall appliance 
Version: jg214a;
Product: F1000-s-ei vpn firewall appliance 
Version: jg213a;
Product: Msr20-13-w router (na) 
Version: jg210a;
Product: Msr20-12-t-w router (na) 
Version: jg209a;
Product: Msr920-w router (na) 
Version: jg208a;
Product: Msr900-w router (na) 
Version: jg207a;
Product: Msr30-10 dc router 
Version: jg184a;
Product: Msr30-11f router 
Version: jg183a;
Product: Msr30-11e router 
Version: jg182a;
Product: 5120-24g-poe+ (170w) si switch 
Version: jg092a;
Product: -5120-24g-poe+ (370w) si switch 
Version: jg091a;
Product: A3100-26c-epon-ei switch 
Version: jg059a;
Product: 4510-24g switch 
Version: jf847a;
Product: 4210-24g-poe switch 
Version: jf846a;
Product: 4210-48g switch 
Version: jf845a;
Product: 4210-24g switch 
Version: jf844a;
Product: Msr20-15 router 
Version: jf817a;
Product: Msr30-10 router 
Version: jf816a;
Product: Msr920 2-port fe wan / 8-port fe lan / 802.11b/g router 
Version: jf815a;
Product: Msr900-w router 
Version: jf814a;
Product: Msr920 router 
Version: jf813a;
Product: Msr900 2-port fe wan / 4-port fe lan router 
Version: jf812a;
Product: Msr20-15-a-w router 
Version: jf809a;
Product: Msr20-13-w router 
Version: jf808a;
Product: Msr20-12-w router 
Version: jf807a;
Product: Msr20-12-t router 
Version: jf806a;
Product: Msr30-60 poe router 
Version: jf804a;

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view
http://www.kb.cert.org/vuls/id/225404
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
http://www.securityfocus.com/bid/56183
http://www.securitytracker.com/id?1027694

Related CVE
CVE-2017-14360
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
CVE-2017-14359
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.
CVE-2017-14356
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
CVE-2017-14357
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored...
CVE-2017-14358
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
CVE-2017-5791
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.
CVE-2017-5789
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.
CVE-2017-8994
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.

Copyright 2017, cxsecurity.com

 

Back to Top