Description
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
References (9)
Core 9
Core References
Broken Link, Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56183
Various Sources x_refsource_confirm
http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/225404
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027694
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
Third Party Advisory x_refsource_misc
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
Scores
EPSS
0.0179
EPSS Percentile
83.0%
Details
CWE
CWE-522
Status
published
Products (50)
hp/0150a129
hp/0150a12a
hp/0150a12b
hp/0150a12c
hp/0231a0av
hp/0231a65t
hp/0231a761
hp/0231a832
hp/0231a86p
hp/0231a88a
... and 40 more
Published
Feb 01, 2013
Tracked Since
Feb 18, 2026