CVSS: 6.5EPSS: 0%CPEs: 87EXPL: 0CVE-2015-5434
https://notcve.org/view.php?id=CVE-2015-5434
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." HPE Networking Products, marcados originalmente como Comware 5, Comware 7, H3C o HP, permiten a atacantes remotos eludir las restricciones destinadas al acceso o provocar una denegación de servicio a través de "Virtual routing and forwarding (VRF) hopping." • http://www.securityfocus.com/bid/79869 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 687EXPL: 0CVE-2012-3268
https://notcve.org/view.php?id=CVE-2012-3268
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. Determinados HP Access Controller, Fabric Module, Firewall, Router, Switch, y productos UTM Appliance; algunos productos HP 3Com Access Controller, Router, Switch; algunos HP H3C Access Controller, Firewall, Router, Switch, y Switch y Route Processing Unit ; y determinados productos Huawei Firewall/Gateway, Router, Switch, y Wireless no implementan un control de acceso adecuado definido en defined en h3c-user.mib 2.0 y hh3c-user.mib 2.0, lo que permite a usuarios autenticados remotamente descubrir credenciales en los valores de UserInfoEntry a través de peticiones SNMP con la comunidad "read-only". • http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685 http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view http://www.kb.cert.org&#x • CWE-522: Insufficiently Protected Credentials •