ID

VAR-201306-0210


CVE

CVE-2012-6571


TITLE

Session hijacking vulnerability in Huawei AR router and switch products

Trust: 0.8

sources: JVNDB: JVNDB-2012-006008

DESCRIPTION

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. Huawei AR routers and Huawei S series switches are Huawei network devices. An attacker can exploit this issue to gain unauthorized access to the affected device. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods and is suitable for enterprise networks.

Trust: 2.7

sources: NVD: CVE-2012-6571 // JVNDB: JVNDB-2012-006008 // CNVD: CNVD-2013-08071 // BID: 60713 // IVD: e444d314-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-59852

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: e444d314-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08071

AFFECTED PRODUCTS

vendor: huawei | model: ar 18-1x | scope: lte | version: r0130

Trust: 1.8

vendor: huawei | model: ar 18-2x | scope: lte | version: r1712

Trust: 1.8

vendor: huawei | model: ar 18-3x | scope: lte | version: r0118

Trust: 1.8

vendor: huawei | model: s3300hi | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s3500 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s3700 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s5600 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s3300 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s7800 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s8500 | scope: eq | version: r1631

Trust: 1.6

vendor: huawei | model: s5100 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s8500 | scope: eq | version: r1632

Trust: 1.6

vendor: huawei | model: s3900 | scope: eq | version: r6305

Trust: 1.6

vendor: huawei | model: s2000 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s3000 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s3500 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s3900 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s5100 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s5600 | scope: - | version: -

Trust: 1.4

vendor: huawei | model: s2000 | scope: eq | version: r6305

Trust: 1.0

vendor: huawei | model: s2700 | scope: eq | version: r6305

Trust: 1.0

vendor: huawei | model: ar 28/46 | scope: lte | version: r0311

Trust: 1.0

vendor: huawei | model: s3000 | scope: eq | version: r6305

Trust: 1.0

vendor: huawei | model: ar 19/29/49 | scope: lte | version: r2207

Trust: 1.0

vendor: huawei | model: s2300 | scope: eq | version: r6305

Trust: 1.0

vendor: huawei | model: ar 19/29/49 | scope: lte | version: r2207 \\\\ k

Trust: 0.8

vendor: huawei | model: ar 28/46 | scope: lte | version: r0311 \\\\ k

Trust: 0.8

vendor: huawei | model: ar routers | scope: - | version: -

Trust: 0.6

vendor: huawei | model: s7800 | scope: - | version: -

Trust: 0.6

vendor: huawei | model: s8500 | scope: - | version: -

Trust: 0.6

vendor: huawei | model: s8500 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s7800 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s5600 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s5100 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s3900 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s3500 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s3000 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: s2000 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar49 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar46 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar29 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar28 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar19 | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar18-3x | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar18-2x | scope: eq | version: 0

Trust: 0.3

vendor: huawei | model: ar18-1x | scope: eq | version: 0

Trust: 0.3

vendor: ar 18 1x | model: - | scope: eq | version: *

Trust: 0.2

vendor: ar 18 2x | model: - | scope: eq | version: *

Trust: 0.2

vendor: ar 18 3x | model: - | scope: eq | version: *

Trust: 0.2

vendor: ar 19 29 49 | model: - | scope: eq | version: *

Trust: 0.2

vendor: ar 28 46 | model: - | scope: eq | version: *

Trust: 0.2

vendor: s2000 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s2300 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s2700 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3000 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3300 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3300hi | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3500 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3700 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s3900 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s5100 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s5600 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s7800 | model: r6305 | scope: - | version: -

Trust: 0.2

vendor: s8500 | model: r1631 | scope: - | version: -

Trust: 0.2

vendor: s8500 | model: r1632 | scope: - | version: -

Trust: 0.2

sources: IVD: e444d314-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08071 // BID: 60713 // JVNDB: JVNDB-2012-006008 // CNNVD: CNNVD-201306-407 // NVD: CVE-2012-6571

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6571
value: HIGH

Trust: 1.0

NVD: CVE-2012-6571
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-08071
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201306-407
value: HIGH

Trust: 0.6

IVD: e444d314-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-59852
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-6571
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-08071
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e444d314-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-59852
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e444d314-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08071 // VULHUB: VHN-59852 // JVNDB: JVNDB-2012-006008 // CNNVD: CNNVD-201306-407 // NVD: CVE-2012-6571

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-59852 // JVNDB: JVNDB-2012-006008 // NVD: CVE-2012-6571

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-407

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201306-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006008

PATCH

title: Huawei-SA-20120808-01-HTTP-Module | url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm

Trust: 0.8

title: Huawei AR router and switch HTTP module session ID predictable vulnerability patch | url: https://www.cnvd.org.cn/patchInfo/show/34803

Trust: 0.6

sources: CNVD: CNVD-2013-08071 // JVNDB: JVNDB-2012-006008

EXTERNAL IDS

db: NVD | id: CVE-2012-6571

Trust: 3.6

db: BID | id: 60713

Trust: 1.0

db: CNNVD | id: CNNVD-201306-407

Trust: 0.9

db: CNVD | id: CNVD-2013-08071

Trust: 0.8

db: JVNDB | id: JVNDB-2012-006008

Trust: 0.8

db: IVD | id: E444D314-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-59852

Trust: 0.1

sources: IVD: e444d314-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-08071 // VULHUB: VHN-59852 // BID: 60713 // JVNDB: JVNDB-2012-006008 // CNNVD: CNNVD-201306-407 // NVD: CVE-2012-6571

REFERENCES

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6571

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6571

Trust: 0.8

url:http://www.huawei.com/

Trust: 0.3

sources: CNVD: CNVD-2013-08071 // VULHUB: VHN-59852 // BID: 60713 // JVNDB: JVNDB-2012-006008 // CNNVD: CNNVD-201306-407 // NVD: CVE-2012-6571

CREDITS

Felix Lindner of Recurity Labs GmbH

Trust: 0.3

sources: BID: 60713

SOURCES

db: IVD | id: e444d314-2352-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2013-08071
db: VULHUB | id: VHN-59852
db: BID | id: 60713
db: JVNDB | id: JVNDB-2012-006008
db: CNNVD | id: CNNVD-201306-407
db: NVD | id: CVE-2012-6571

LAST UPDATE DATE

2024-08-14T14:28:03.064000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2013-08071 | date: 2013-06-25T00:00:00
db: VULHUB | id: VHN-59852 | date: 2013-09-02T00:00:00
db: BID | id: 60713 | date: 2012-08-04T00:00:00
db: JVNDB | id: JVNDB-2012-006008 | date: 2013-06-24T00:00:00
db: CNNVD | id: CNNVD-201306-407 | date: 2013-06-21T00:00:00
db: NVD | id: CVE-2012-6571 | date: 2013-09-02T06:29:24.353

SOURCES RELEASE DATE

db: IVD | id: e444d314-2352-11e6-abef-000c29c66e3d | date: 2013-06-25T00:00:00
db: CNVD | id: CNVD-2013-08071 | date: 2013-06-25T00:00:00
db: VULHUB | id: VHN-59852 | date: 2013-06-20T00:00:00
db: BID | id: 60713 | date: 2012-08-04T00:00:00
db: JVNDB | id: JVNDB-2012-006008 | date: 2013-06-24T00:00:00
db: CNNVD | id: CNNVD-201306-407 | date: 2013-06-21T00:00:00
db: NVD | id: CVE-2012-6571 | date: 2013-06-20T15:55:00.983