Published: 2002-05-29 00:00:00
Revised: 2016-10-17 22:17:36

[Original] Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

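[CNNVD] HP AdvanceStack Switch Management Authentication Bypass Vulnerability (CNNVD-200205-056)

        HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with switching features.
        A vulnerability exists in HP AdvanceStack 10Base-T Switching Hubs: an unprivileged user may bypass authentication and access the administrative web pages directly.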

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3200A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3210A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3205A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3202A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3201A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3204A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07  cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3203A version A.03.07

- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
(VENDOR_ADVISORY)  XF  hp-advancestack-bypass-auth(8124)

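- Vulnerability information

HP AdvanceStack Switch Management Authentication Bypass Vulnerability
High risk  Unknown
2002-05-29 00:00:00 2005-08-17 00:00:00
        HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with switching features.
        A vulnerability exists in HP AdvanceStack 10Base-T Switching Hubs: an unprivileged user may bypass authentication and access the administrative web pages directly.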

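- Advisories and patches

        * HP gives two solutions in its advisory:
         Solution 1:
         a. Telnet to the switch or connect to it directly
         b. Enter "me" at the menu
         c. Press "2" to enter access control configuration
         d. Press "6" to enter Web enable/disable, and select disable
         Solution 2:
         a. Telnet to the switch or connect to it directly
         b. Enter "me" at the menu
         c. Press "2" to enter access control configuration
         d. Press "1" to enter IP configuration
         e. Press "Y" to change the IP configuration
         f. Select "D" to disable the IP segment
         g. Select "D" to confirm disabling (repeat f and g to disable every IP segment that needs to be disabled)
        HPSBUX0202-185:Sec. Vulnerability with HP AdvanceStack hubs
        The vendor has not yet provided a patch or upgrade. Users of HP AdvanceStack 10Base-T Switching Hubs are advised to watch the vendor's home page for the latest version: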

- Vulnerability information (21285)

HP AdvanceStack Switch Authentication Bypass Vulnerability (EDBID:21285)
hardware remote
2002-02-08 Verified
0 Tamer Sahin
N/A

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.

The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker.

*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page. 


- Vulnerability information

HP AdvanceStack Hub Web Config Utility web_access.html Authentication Bypass
Remote / Network Access Authentication Management
Loss of Integrity Workaround
Exploit Public Third-party Verified

- Vulnerability description

HP AdvanceStack hubs contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker bypasses the authentication in the 'web_access.html' administrative page by directly accessing the page. Successful exploitation allows an attacker to change the superuser password and thus gain full control of the affected device.

- Timeline

2002-02-08 Unknown
2002-02-08 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 1. Disable web access using telnet or RS-232 interface 2. Remove the management IP address

- Related references

- Vulnerability author

Unknown or Incomplete