ID |
CVE-2002-0250
|
Summary |
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07:*:*:*:*:*:*:*
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07:*:*:*:*:*:*:*
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 18-10-2016 - 02:17) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 4062 | bugtraq | 20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability | hp | HPSBUX0202-185 | vulnwatch | 20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability | xf | hp-advancestack-bypass-auth(8124) |
|
Last major update |
18-10-2016 - 02:17 |
Published |
29-05-2002 - 04:00 |
Last modified |
18-10-2016 - 02:17 |