3Com, HP, and H3C Routers and Switches SNMP Configuration Vulnerability

Last Update Date: 25 Oct 2012 16:09 Release Date: 25 Oct 2012 4548 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in 3Com, HP, and H3C routers and switches. A remote user can take administrative actions on the target system. A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the h3c-user.mib and hh3c-user.mib MIBs via SNMP and then use that data to take control of the target device.

Impact

Information Disclosure

System / Technologies affected

List of specific products and model numbers is provided in the vendor's advisory.
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03515685

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendor has issued a fix for some affected products
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03515685

Vulnerability Identifier

CVE-2012-3268

Source

Related Link

http://securitytracker.com/id/1027694

Share with

ISC BIND Record Handling Lockup Vulnerability

11 Oct 2012 4212 Views

CA ARCserve Backup Multiple Vulnerabilities

22 Oct 2012 4134 Views