CVE-2012-5968

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

CVSS v2.0 4.8 MEDIUM

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm	Vendor Advisory
http://www.kb.cert.org/vuls/id/871148	US Government Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm	Vendor Advisory
http://www.kb.cert.org/vuls/id/871148	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:huawei:e585:-:::::::*
	cpe:2.3:h:huawei:e585u-82:-:::::::*

History

21 Nov 2024, 01:45

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm - Vendor Advisory~~	() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm - Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/871148 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/871148 - US Government Resource

Information

Published : 2012-12-19 11:55

Updated : 2024-11-21 01:45

NVD link : CVE-2012-5968

Mitre link : CVE-2012-5968

CVE.ORG link : CVE-2012-5968

JSON object : View

Products Affected

huawei

e585u-82
e585

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-5968", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-19T11:55:59.750", "references": [{"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/871148", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/871148", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."}, {"lang": "es", "value": "El dispositivo Huawei E585 no valida el estado de las sesiones de administraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible del usuario y el ID de sesi\u00f3n y modificar datos, aprovech\u00e1ndose del acceso a la red inal\u00e1mbrica.\r\n"}], "lastModified": "2024-11-21T01:45:37.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e585:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22225E7E-2877-4BE9-A642-1A80A42DBA87"}, {"criteria": "cpe:2.3:h:huawei:e585u-82:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985BF1C4-4154-452E-B362-E014E8EC67F8"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}