Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20121025-01
HistoryOct 25, 2012 - 12:00 a.m.

Security Advisory - SNMP vulnerability on Huawei multiple products

2012-10-2500:00:00
Huawei Technologies
www.huawei.com
106

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON

In some of Huawei products as affected products list below, there are MIBs which support the query of the local user account and password. However, the security authentication protection for SNMP V1 and V2 is not enough, which leads to the risk that the user account and password can be disclosed through SNMP (HWNSIRT-2012-1017).

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-3268.

Affected configurations

Vulners
Node
huaweis2300Matchv100r006c03
OR
huaweis2700Matchv100r006c03
OR
huaweis3300Matchv100r006c03
OR
huaweis3700Matchv100r006c03
OR
huaweis3300hiMatchv200r001c00spc300
OR
huaweis5300hiMatchv200r001c00spc300
OR
huaweis5300Matchv200r001c00spc300
OR
huaweis5306Matchv200r001c00spc300
OR
huaweis5700Matchv200r001c00spc300
OR
huaweis6300Matchv200r001c00spc300
OR
huaweis6700Matchv200r001c00spc300
OR
huaweis7700Matchv200r001c00spc300
OR
huaweis9300Matchv200r001c00spc300
OR
huaweiar1200Matchv200r002c01spc200
OR
huaweiar1200Matchv200r002spc002
OR
huaweiar2200Matchv200r002c01spc200
OR
huaweiar2200Matchv200r002spc002
OR
huaweiar3200Matchv200r002c01spc200
OR
huaweiar3200Matchv200r002spc002
OR
huaweieudemon1000e-xMatchv300r001c00spc500
OR
huaweiusg5500Matchv300r001c00spc500
OR
huaweie200e-cMatchv300r001c00spc500
OR
huaweif\&x3\&x5\&x7Matchv300r001c00spc500
OR
huaweiusg2200Matchv300r001c00spc500
OR
huaweie200e-b\&x1\&x2Matchv300r001c00spc500
OR
huaweiusg2100Matchv300r001c00spc500
OR
huaweiegw2100\&2200\&3200Matchv300r001c00spc500
OR
huawei5500Matchv200r001c01spc200
OR
huaweinip2100\&2200\&5100Matchv100r001c01spc200
OR
huaweiatnMatchv200r001c02
OR
huaweine5000eMatchv800r003c00spc600
OR
huaweine40e\&80eMatchv600r005c00spcb00
OR
huaweine40e\&80eMatchpatch\v600r005sph016
OR
huaweine40e\&80eMatchpatch\v600r003sph017
OR
huaweime60Matchv600r005c00spcb00
OR
huaweime60Matchpatch\v600r005sph016
OR
huaweicx600Matchv600r005c00spcb00
OR
huaweicx600Matchpatch\v600r005sph016
OR
huaweicx600Matchpatch\v600r003sph017
OR
huaweine20e-x6Matchpatch\v600r003sph017
OR
huaweiugw9811Matchpatch\v900r009c01hp0003
OR
huaweiggsn9811Matchpatch\v900r009c01hp0003
OR
huaweipdsn9660Matchpatch\v900r007c05sph312

Related

cve 1
prion 1
cert 1
securityvulns 3
cvelist 1
nvd 1
nessus 1
cve
cve
CVE-2012-3268
2013-02-01 11:49:52
prion
prion
Improper access control
2013-02-01 11:49:00
cert
cert
HP/H3C and Huawei networking equipment h3c-user snmp vulnerability
2012-10-24 00:00:00
securityvulns
securityvulns
HP/H3C and Huawei SNMP Weak Access to Critical Data
2012-10-28 00:00:00
HP/H3C / Huawei equipment information leakage
2012-10-28 00:00:00
[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
2012-10-28 00:00:00
cvelist
cvelist
CVE-2012-3268
2013-02-01 11:00:00
nvd
nvd
CVE-2012-3268
2013-02-01 11:49:52
nessus
nessus
HP/H3C and Huawei SNMP User Data Information Disclosure
2012-10-30 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.9%

JSON
Related for HUAWEI-SA-20121025-01
cve1prion1cert1securityvulns3cvelist1nvd1nessus1