exploitDog

CVE-2012-5968

Опубликовано: 19 дек. 2012

Источник: nvd

CVSS2: 4.8

EPSS Низкий

Описание

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

Ссылки

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
Vendor Advisory
http://www.kb.cert.org/vuls/id/871148
US Government Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
Vendor Advisory
http://www.kb.cert.org/vuls/id/871148
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:huawei:e585:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e585u-82:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

4.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-wh9h-wx2c-xrf9

github

больше 3 лет назад

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

EPSS

Процентиль: 23%

0.00076

Низкий

4.8 Medium

CVSS2

Дефекты

CWE-20