PROBLEM:
3Com, HP, and H3C Switches SNMP Configuration Lets Remote Users Take Administrative Actions
PLATFORM:
3COM, and H3C Routers & Switches
Specific products and model numbers is provided in the vendor's advisory.
ABSTRACT:
A vulnerability was reported in 3Com, HP, and H3C Switches.
REFERENCE LINKS:
HP Support document ID: c03515685
SecurityTracker Alert ID: 1027694
CVE-2012-3268
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user with knowledge of the SNMP public community string can access potentially sensitive data (e.g., user names, passwords) in the h3c-user.mib and hh3c-user.mib MIBs via SNMP and then use that data to take control of the target device.
IMPACT:
A remote user can take administrative actions on the target system.