Overview
HP/H3C and Huawei networking equipment contains a vulnerability which could allow an attacker to access administrative functions of the device using systems network management protocol (SNMP) requests.
Description
According to the researcher's report.: "HP/H3C and Huawei networking equipment suffers from a serious weakness in regards to their handling of Systems Network Management Protocol (SNMP) requests for protected h3c-user.mib and hh3c-user.mib objects. |
Impact
A remote unauthenticated attacker can access administrative functions of the device using systems network management protocol (SNMP) requests. |
Solution
Update |
According to the researcher's report: |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.7 | E:F/RL:OF/RC:C |
Environmental | 7.7 | CDP:MH/TD:H/CR:ND/IR:ND/AR:ND |
References
- http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
- https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03515685&ac.admitted=1351086123601.876444892.492883150
- http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001069&idAbsPath=0301_10001&nameAbsPath=Services%2520News
Acknowledgements
Thanks to Kurt Grutzmacher for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
CVE IDs: | CVE-2012-3268 |
Date Public: | 2012-10-23 |
Date First Published: | 2012-10-24 |
Date Last Updated: | 2012-10-26 12:39 UTC |
Document Revision: | 16 |