CVE-2012-2963

BreakingPoint Storm <3.0 - Info Disclosure

Title source: llm

Description

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.

References (3)

[US Government Resource] http://www.kb.cert.org/vuls/id/520430

[Various Sources] http://www.secureworks.com/research/advisories/SWRX-2012-005/

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/MAPG-8GANCC

Scores

EPSS 0.0131

EPSS Percentile 79.6%

Classification

CWE

CWE-287

Status draft

Affected Products (5)

breakingpointsystems/breakingpoint_storm_appliance_ctm < 2.0

breakingpointsystems/breakingpoint_storm_appliance_ctm

breakingpointsystems/breakingpoint_storm_appliance

Timeline

Published Aug 12, 2012

Tracked Since Feb 18, 2026