CERTVU:377915SMC SMC8024L2 switch web interface authentication bypass
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
77.3%
Overview
The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL.
Description
The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An unauthenticated attacker can retrieve all configuration pages from the web management GUI.
Examples of the configuration web pages include:
/status/status_ov.html : name, SN, Management VLAN, Subnet Mask, Gateway IP, MAC Link status/Ethernet details of all ports /system/system_smac.html : MAC/VLANID static configuration /ports/ports_rl.html : Rate limiting /ports/ports_bsc.html : Storm control /ports/ports_mir.html : Port mirroring /trunks/trunks_mem.html : Trunks port membership /trunks/lacp.html : LACP port configuration /trunks/lacpstatus.html : LACP status /vlans/vlan_mconf.html : Defined VLANIDs overview /vlans/vlan_pconf.html : VLAN per port configuration /qos/qos_conf.html : 802.1p/DSCP QoS settings /rstp/rstp.html : RSTP configuration /rstp/rstpstatus.html : RSTP status /dot1x/dot1x.html : 802.1x configuration (Radius IP/port, RADIUS secret key, per port settings) /security/security.html : Static/DHCP per port IP address policy /security/security_port.html: Per port MAC based IDS/IPS /security/security_acl.html : Management ACL /igmps/igmpconf.html : IGMP Snooping/Querying configuration /igmps/igmpstat.html : IGMS Snoop status /snmp/snmp.html : SNMP configuration (Read/Trap community passwords)
Impact
An unauthenticated attacker may be able to use administrative functions and manage the switch remotely.
Solution
We are currently unaware of a practical solution to this problem. The vendor has stated this product is end-of-life and not supported. Please consider the following workarounds
Restrict Access
Appropriate firewall rules should be enabled to limit access to only trusted users and sources.
Vendor Information
377915
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
SMC Networks, Inc. __ Affected
Notified: May 22, 2012 Updated: July 11, 2012
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The SMC8024L2 switch is end-of-life and not supported by the vendor.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.1 | E:POC/RL:U/RC:UC |
| Environmental | 8.1 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
http://www.smc.com/index.cfm?event=viewProduct&cid=8&scid=44&localeCode=EN_USA&pid=1542
Acknowledgements
Thanks to Elio Torrisi for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2012-2974 |
|---|---|
| Date Public: | 2012-07-11 Date First Published: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
77.3%