| |
Vulnerability CVE-2012-5968
Published: 2012-12-19
| Description: |
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. |
Type:
CWE-20 (Improper Input Validation)
CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.8/10 |
4.9/10 |
6.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
http://www.kb.cert.org/vuls/id/871148
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
