PT-2002-2143 · Hewlett Packard · Hp Procurve Switch 4000M

Published

2002-10-11

Updated

2016-10-18

CVE-2002-1147

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: HP Procurve 4000M Switch firmware versions prior to C.09.16

Description: The issue concerns the HTTP administration interface of the HP Procurve 4000M Switch. Specifically, it does not authenticate requests to reset the device when stacking features and remote administration are enabled. This allows remote attackers to cause a denial of service by sending a direct request to the "device reset CGI program".

Recommendations: For HP Procurve 4000M Switch firmware versions prior to C.09.16, update to version C.09.16 or later to resolve the issue. As a temporary workaround, consider disabling remote administration until a patch is available. Restrict access to the device reset CGI program to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1147

Affected Products

Hp Procurve Switch 4000M

PT-2002-2143 · Hewlett Packard · Hp Procurve Switch 4000M

CVE-2002-1147

Related Identifiers

Affected Products

References · 7