CVE-2002-1147

Name of the Vulnerable Software and Affected Versions: HP Procurve 4000M Switch firmware versions prior to C.09.16

Description: The issue concerns the HTTP administration interface of the HP Procurve 4000M Switch. Specifically, it does not authenticate requests to reset the device when stacking features and remote administration are enabled. This allows remote attackers to cause a denial of service by sending a direct request to the "device reset CGI program".

Recommendations: For HP Procurve 4000M Switch firmware versions prior to C.09.16, update to version C.09.16 or later to resolve the issue. As a temporary workaround, consider disabling remote administration until a patch is available. Restrict access to the device reset CGI program to minimize the risk of exploitation.