Reported February 8, 2002, by Tamer Sahin.
VERSION AFFECTED
· Hewlett-Packard Advancestack J3210A Switching Hub
DESCRIPTION
An
access validation vulnerability exists in Hewlett-Packard's (HP's) Advancestack
J3210A Switching Hub that lets an unprivileged user reconfigure the device by
connecting to the device's switch management URL at http://somehost/security/web_access.html.
VENDOR RESPONSE
The vendor, HP, has been notified but hasn't issued a patch.
CREDIT
Discovered by Tamer Sahin of Security
Office
0 comments
Hide comments