You are here

V-010: 3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions

October 25, 2012 - 6:00am

Addthis

PROBLEM:

3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions

 

PLATFORM:

3COM, and H3C Routers & Switches

Specific products and model numbers is provided in the vendor's advisory.

 

ABSTRACT:

A vulnerability was reported in 3Com, HP, and H3C Switches.

 

REFERENCE LINKS:

HP Support document ID: c03515685
SecurityTracker Alert ID:  1027694
CVE-2012-3268

 

IMPACT ASSESSMENT:

High

 

DISCUSSION:

A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the h3c-user.mib and hh3c-user.mib MIBs via SNMP and then use that data to take control of the target device.

 

IMPACT:

A remote user can take administrative actions on the target system.

 

SOLUTION:

The vendor has issued a fix for some affected products.

Addthis