Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3268

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2012-3268
Last Modified 04 Apr 2013 11:11:48
Published 01 Feb 2013 06:49:52
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-3268

Summary

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

Vulnerable Systems


References

CERT-VN - VU#225404

CONFIRM - http://www.kb.cert.org/vuls/id/MORO-8ZDJDP

CONFIRM - http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB|CO0000000170&actionFlag=view

CONFIRM - http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News

HP - HPSBHF02819

HP - SSRT100920

HP - SSRT100962

MISC - http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html

BID - 56183

SECTRACK - 1027694

BUGTRAQ - 20121023 HP/H3C and Huawei SNMP Weak Access to Critical Data


Last Updated: 27 May 2016 11:01:54