Vulnerability Note VU#225404
HP/H3C and Huawei networking equipment h3c-user snmp vulnerability
HP/H3C and Huawei networking equipment contains a vulnerability which could allow an attacker to access administrative functions of the device using systems network management protocol (SNMP) requests.
According to the researcher's report.:
"HP/H3C and Huawei networking equipment suffers from a serious weakness in regards to their handling of Systems Network Management Protocol (SNMP) requests for protected h3c-user.mib and hh3c-user.mib objects.
Additional information can be found in the researcher's report
A remote unauthenticated attacker can access administrative functions of the device using systems network management protocol (SNMP) requests.
According to the researcher's report:
Use complex SNMP community strings or disable SNMPv1
Have disabled the mib entries for (h)h3c-user
Block SNMP using access controls or firewalls
Do not define local users, use RADIUS or TACACS+
More specific routines can be found in the vendor's release."
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||06 Aug 2012||24 Oct 2012|
|Huawei Technologies||Affected||-||26 Oct 2012|
|3com Inc||Unknown||06 Aug 2012||06 Aug 2012|
CVSS Metrics (Learn More)
Thanks to Kurt Grutzmacher for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-3268
- Date Public: 23 Oct 2012
- Date First Published: 24 Oct 2012
- Date Last Updated: 26 Oct 2012
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.