CVE-2002-0250
CVSS7.5
发布时间 :2002-05-29 00:00:00
修订时间 :2016-10-17 22:17:36
NMCOE    

[原文]Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.


[CNNVD]HP AdvanceStack Switch绕过管理认证漏洞(CNNVD-200205-056)

        
        HP AdvanceStack 10Base-T交换Hub组合了10Base-T功能和交换特性。
        HP AdvanceStack 10Base-T交换Hub存在漏洞,一个非特权的用户可能绕过验证直接访问管理web页面。
        由于没有限制未授权用户对"/security/web_access.html的访问",攻击者可以直接访问上述页面修改设备的超级用户口令,以及以管理员权限访问设备。另外,所有的验证信息将暴露给攻击者。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3204A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3203A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3205A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3200A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3210A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3202A version A.03.07
cpe:/h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07cpe:/h:HP:AdvanceStack 10Base-T Switching Hub J3201A version A.03.07

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0250
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0250
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-056
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101318469216213&w=2
(UNKNOWN)  BUGTRAQ  20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
http://online.securityfocus.com/advisories/3870
(VENDOR_ADVISORY)  HP  HPSBUX0202-185
http://www.iss.net/security_center/static/8124.php
(VENDOR_ADVISORY)  XF  hp-advancestack-bypass-auth(8124)
http://www.securityfocus.com/bid/4062
(VENDOR_ADVISORY)  BID  4062

- 漏洞信息

HP AdvanceStack Switch绕过管理认证漏洞
高危 未知
2002-05-29 00:00:00 2005-08-17 00:00:00
远程  
        
        HP AdvanceStack 10Base-T交换Hub组合了10Base-T功能和交换特性。
        HP AdvanceStack 10Base-T交换Hub存在漏洞,一个非特权的用户可能绕过验证直接访问管理web页面。
        由于没有限制未授权用户对"/security/web_access.html的访问",攻击者可以直接访问上述页面修改设备的超级用户口令,以及以管理员权限访问设备。另外,所有的验证信息将暴露给攻击者。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * HP在公告里给出两种解决方案:
        1、关闭web访问,使用telnet或RS-232接口
         a. telnet或直接连接交换机
         b. 在菜单里输入"me"
         c. 打"2"进入访问控制配置
         d. 打"6"进入Web的启用/关闭,选关闭
        2、移除管理IP地址
         a. telnet或直接连接交换机
         b. 在菜单里输入"me"
         c. 打"2"进入访问控制配置
         d. 打"1"进入IP配置
         e. 打"Y"改变IP配置
         f. 选择"D"关闭IP段
         g. 选择"D"确认关闭(重复f和g,关闭所有需要关闭的IP段)
        厂商补丁:
        HP
        --
        HP已经为此发布了一个安全公告(HPSBUX0202-185):
        HPSBUX0202-185:Sec. Vulnerability with HP AdvanceStack hubs
        目前厂商还没有提供补丁或者升级程序,我们建议使用HP AdvanceStack 10Base-T交换Hub的用户随时关注厂商的主页以获取最新版本:
        
        http://itrc.hp.com

- 漏洞信息 (21285)

HP AdvanceStack Switch Authentication Bypass Vulnerability (EDBID:21285)
hardware remote
2002-02-08 Verified
0 Tamer Sahin
N/A [点击下载]
source: http://www.securityfocus.com/bid/4062/info

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.

The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker.

*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page. 

http://host/security/web_access.html 		

- 漏洞信息

5339
HP AdvanceStack Hub Web Config Utility web_access.html Authentication Bypass
Remote / Network Access Authentication Management
Loss of Integrity Workaround
Exploit Public Third-party Verified

- 漏洞描述

HP AdvanceStack hubs contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker bypasses the authentication in the 'web_access.html' administrative page by directly accessing the page. Successful exploitation allows an attacker to change the superuser password and thus able to gain full control of the affected device.

- 时间线

2002-02-08 Unknow
2002-02-08 Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 1. Disable web access using telnet or RS-232 interface 2. Remove the management IP address

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站