Lucene search

MitreCVE-2012-6571

HistoryJun 20, 2013 - 3:55 p.m.

CVE-2012-6571

2013-06-2015:55:00

CWE-310

mitre

web.nvd.nist.gov

huawei

ar routers

s2000

s3000

s3500

s3900

s5100

s5600

s7800

branch intelligent management system

bims

web management

session id

predictable

hijack

brute-force

nvd

cve-2012-6571

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Affected configurations

Nvd

Node

huaweiar_18-1xRange≤r0130

huaweiar_18-2xRange≤r1712

huaweiar_18-3xRange≤r0118

huaweiar_19\/29\/49Range≤r2207

huaweiar_28\/46Range≤r0311

Node

huaweis2000Matchr6305

huaweis2300Matchr6305

huaweis2700Matchr6305

huaweis3000Matchr6305

huaweis3300Matchr6305

huaweis3300hiMatchr6305

huaweis3500Matchr6305

huaweis3700Matchr6305

huaweis3900Matchr6305

huaweis5100Matchr6305

huaweis5600Matchr6305

huaweis7800Matchr6305

huaweis8500Matchr1631

huaweis8500Matchr1632

VendorProductVersionCPE
huaweiar_18-1x*cpe:2.3:h:huawei:ar_18-1x:*:*:*:*:*:*:*:*
huaweiar_18-2x*cpe:2.3:h:huawei:ar_18-2x:*:*:*:*:*:*:*:*
huaweiar_18-3x*cpe:2.3:h:huawei:ar_18-3x:*:*:*:*:*:*:*:*
huaweiar_19\/29\/49*cpe:2.3:h:huawei:ar_19\/29\/49:*:*:*:*:*:*:*:*
huaweiar_28\/46*cpe:2.3:h:huawei:ar_28\/46:*:*:*:*:*:*:*:*
huaweis2000r6305cpe:2.3:h:huawei:s2000:r6305:*:*:*:*:*:*:*
huaweis2300r6305cpe:2.3:h:huawei:s2300:r6305:*:*:*:*:*:*:*
huaweis2700r6305cpe:2.3:h:huawei:s2700:r6305:*:*:*:*:*:*:*
huaweis3000r6305cpe:2.3:h:huawei:s3000:r6305:*:*:*:*:*:*:*
huaweis3300r6305cpe:2.3:h:huawei:s3300:r6305:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ar_18-1x	*	cpe:2.3:h:huawei:ar_18-1x::::::::
huawei	ar_18-2x	*	cpe:2.3:h:huawei:ar_18-2x::::::::
huawei	ar_18-3x	*	cpe:2.3:h:huawei:ar_18-3x::::::::
huawei	ar_19\/29\/49	*	cpe:2.3:h:huawei:ar_19\/29\/49::::::::
huawei	ar_28\/46	*	cpe:2.3:h:huawei:ar_28\/46::::::::
huawei	s2000	r6305	cpe:2.3:h:huawei:s2000:r6305:::::::*
huawei	s2300	r6305	cpe:2.3:h:huawei:s2300:r6305:::::::*
huawei	s2700	r6305	cpe:2.3:h:huawei:s2700:r6305:::::::*
huawei	s3000	r6305	cpe:2.3:h:huawei:s3000:r6305:::::::*
huawei	s3300	r6305	cpe:2.3:h:huawei:s3300:r6305:::::::*

Rows per page:

1-10 of 191

References

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2012-6571