HP AdvanceStack 10Base-T Switching Hub could allow an attacker to bypass authentication

hp-advancestack-bypass-auth (8124). The risk level is classified as High Risk.

Description:

A vulnerability in Hewlett-Packard's AdvanceStack 10Base-T Switching Hub model J3210A could allow a remote attacker to bypass authentication and gain unauthorized access to the device. The attacker could reach the 'web_access.html' administrative page without authenticating, change the superuser password, and then modify the configuration details of the affected device.


Consequences:

Gain Access

Remedy:

No remedy available as of September 1, 2014.

References:

  • Hewlett-Packard Company Security Bulletin HPSBUX0202-185: Sec. Vulnerability with HP AdvanceStack hubs. (From SecurityFocus archive.)
  • SecurityOffice Advisory, February 8, 2002: HP AdvanceStack Switch Management Authentication Bypass Vulnerability.
  • BID-4062: HP AdvanceStack Switch Authentication Bypass Vulnerability
  • CVE-2002-0250: Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
  • OSVDB ID: 5339: HP AdvanceStack Hub Web Config Utility web_access.html Authentication Bypass

Platforms Affected:

  • HP AdvanceStack 10Base-T Switching Hub J3210A

Reported:

Feb 08, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
