CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Percentile: 77.3%
The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An unauthenticated attacker can retrieve all configuration pages from the web management GUI.
Examples of the configuration web pages include:
- /status/status_ov.html : name, SN, Management VLAN, Subnet Mask, Gateway IP, MAC, Link status/Ethernet details of all ports
- /system/system_smac.html : MAC/VLANID static configuration
- /ports/ports_rl.html : Rate limiting
- /ports/ports_bsc.html : Storm control
- /ports/ports_mir.html : Port mirroring
- /trunks/trunks_mem.html : Trunks port membership
- /trunks/lacp.html : LACP port configuration
- /trunks/lacpstatus.html : LACP status
- /vlans/vlan_mconf.html : Defined VLANIDs overview
- /vlans/vlan_pconf.html : VLAN per port configuration
- /qos/qos_conf.html : 802.1p/DSCP QoS settings
- /rstp/rstp.html : RSTP configuration
- /rstp/rstpstatus.html : RSTP status
- /dot1x/dot1x.html : 802.1x configuration (RADIUS IP/port, RADIUS secret key, per port settings)
- /security/security.html : Static/DHCP per port IP address policy
- /security/security_port.html : Per port MAC based IDS/IPS
- /security/security_acl.html : Management ACL
- /igmps/igmpconf.html : IGMP Snooping/Querying configuration
- /igmps/igmpstat.html : IGMP Snoop status
- /snmp/snmp.html : SNMP configuration (Read/Trap community passwords)
An unauthenticated attacker may be able to use administrative functions and manage the switch remotely.
We are currently unaware of a practical solution to this problem. The vendor has stated this product is end-of-life and not supported. Please consider the following workarounds:
Restrict Access
Appropriate firewall rules should be enabled to limit access to only trusted users and sources.
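Because no fix exists, the practical controls are the firewall restriction above and monitoring for requests to the listed pages from anywhere else. The following is an added detection example, not code from the vulnerability note or the vendor: it assumes HTTP requests to the switch are visible in a network monitor log in a constructed format (timestamp, source, destination, method, path, status), and that the trusted management network is 10.10.0.0/24 (a constructed value); it flags every request for an advisory-listed configuration page that comes from outside that network.

```python
import ipaddress
import re

# Management pages the advisory lists as reachable without authentication.
CONFIG_PAGES = {
    "/status/status_ov.html", "/system/system_smac.html", "/ports/ports_rl.html",
    "/ports/ports_bsc.html", "/ports/ports_mir.html", "/trunks/trunks_mem.html",
    "/trunks/lacp.html", "/trunks/lacpstatus.html", "/vlans/vlan_mconf.html",
    "/vlans/vlan_pconf.html", "/qos/qos_conf.html", "/rstp/rstp.html",
    "/rstp/rstpstatus.html", "/dot1x/dot1x.html", "/security/security.html",
    "/security/security_port.html", "/security/security_acl.html",
    "/igmps/igmpconf.html", "/igmps/igmpstat.html", "/snmp/snmp.html",
}
# Constructed: the only network the firewall workaround allows to reach the GUI.
TRUSTED_MGMT = [ipaddress.ip_network("10.10.0.0/24")]
# Constructed log format: "<ts> <src> <dst> <method> <path> <status>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+) (\d{3})$")

def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, method, target, status = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "method": method,
            "path": target.split("?", 1)[0], "status": int(status)}  # drop query string

def is_trusted(src):
    """True if the source address falls inside the trusted management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_MGMT)

def detect(lines):
    """One alert per request for an advisory-listed page from an untrusted source."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] in CONFIG_PAGES and not is_trusted(rec["src"]):
            # 200 means the switch actually served the page; anything else was blocked.
            rec["severity"] = "high" if rec["status"] == 200 else "medium"
            alerts.append(rec)
    return alerts

SAMPLE_LOG = [  # constructed sample lines
    "2012-07-11T10:00:01 10.10.0.5 10.10.0.1 GET /status/status_ov.html 200",     # admin host
    "2012-07-11T10:00:07 198.51.100.23 10.10.0.1 GET /snmp/snmp.html 200",         # served outside
    "2012-07-11T10:00:09 198.51.100.23 10.10.0.1 GET /dot1x/dot1x.html?x=1 200",  # query stripped
    "2012-07-11T10:00:12 203.0.113.9 10.10.0.1 GET /status/status_ov.html 403",   # blocked
    "2012-07-11T10:00:15 203.0.113.9 10.10.0.1 GET /index.html 200",              # not a config page
    "garbage line",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['severity']:6s} {a['src']} -> {a['path']} ({a['status']})")
```

A "high" alert from outside the management network means the firewall restriction is not in place or not effective for that source.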
377915
Notified: May 22, 2012
Updated: July 11, 2012
Affected
We have not received a statement from the vendor.
The SMC8024L2 switch is end-of-life and not supported by the vendor.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.1 | E:POC/RL:U/RC:UC |
Environmental | 8.1 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
http://www.smc.com/index.cfm?event=viewProduct&cid=8&scid=44&localeCode=EN_USA&pid=1542
Thanks to Elio Torrisi for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-2974 |
---|---|
Date Public: | 2012-07-11 |
Date First Published: | |