Details of VAR-200205-0047

ID

VAR-200205-0047

CVE

CVE-2002-0250

TITLE

HP AdvanceStack Switch Bypass management authentication vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200205-056

DESCRIPTION

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching. It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly. The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker. *Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page

Trust: 1.26

sources: NVD: CVE-2002-0250 // BID: 4062 // VULHUB: VHN-4643

AFFECTED PRODUCTS

vendor:	hp	model:	advancestack 10base-t switching hub j3202a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3200a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3203a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3210a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3204a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3201a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3205a	scope:	eq	version:	a.03.07	Trust: 1.6
vendor:	hp	model:	advancestack 10base-t switching hub j3210a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3205a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3204a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3203a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3202a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3201a a.03.07	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	advancestack 10base-t switching hub j3200a a.03.07	scope:	-	version:	-	Trust: 0.3

sources: BID: 4062 // CNNVD: CNNVD-200205-056 // NVD: CVE-2002-0250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0250
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200205-056
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4643
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0250
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4643
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4643 // CNNVD: CNNVD-200205-056 // NVD: CVE-2002-0250

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200205-056

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200205-056

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-4643

EXTERNAL IDS

db:	BID	id:	4062	Trust: 2.0
db:	NVD	id:	CVE-2002-0250	Trust: 1.7
db:	CNNVD	id:	CNNVD-200205-056	Trust: 0.7
db:	BUGTRAQ	id:	20020208 HEWLETT PACKARD ADVANCESTACK SWITCH MANAGMENT AUTHENTICATION BYPASS VULNERABILITY	Trust: 0.6
db:	XF	id:	8124	Trust: 0.6
db:	HP	id:	HPSBUX0202-185	Trust: 0.6
db:	EXPLOIT-DB	id:	21285	Trust: 0.1
db:	VULHUB	id:	VHN-4643	Trust: 0.1

sources: VULHUB: VHN-4643 // BID: 4062 // CNNVD: CNNVD-200205-056 // NVD: CVE-2002-0250

REFERENCES

url:	http://www.securityfocus.com/bid/4062	Trust: 1.7
url:	http://online.securityfocus.com/advisories/3870	Trust: 1.7
url:	http://www.iss.net/security_center/static/8124.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=101318469216213&w=2	Trust: 1.1
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2	Trust: 0.6
url:	http://www.hp.com/cposupport/nonjsnav/hpadvances50727.html	Trust: 0.3
url:	http://www.securityoffice.net/articles/hp/	Trust: 0.3
url:	-	Trust: 0.1

sources: VULHUB: VHN-4643 // BID: 4062 // CNNVD: CNNVD-200205-056 // NVD: CVE-2002-0250

CREDITS

Tamer Sahin※ ts@securityoffice.net

Trust: 0.6

sources: CNNVD: CNNVD-200205-056

SOURCES

db:	VULHUB	id:	VHN-4643
db:	BID	id:	4062
db:	CNNVD	id:	CNNVD-200205-056
db:	NVD	id:	CVE-2002-0250

LAST UPDATE DATE

2025-04-03T22:37:38.016000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4643	date:	2016-10-18T00:00:00
db:	BID	id:	4062	date:	2002-02-08T00:00:00
db:	CNNVD	id:	CNNVD-200205-056	date:	2005-08-17T00:00:00
db:	NVD	id:	CVE-2002-0250	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4643	date:	2002-05-29T00:00:00
db:	BID	id:	4062	date:	2002-02-08T00:00:00
db:	CNNVD	id:	CNNVD-200205-056	date:	2002-02-08T00:00:00
db:	NVD	id:	CVE-2002-0250	date:	2002-05-29T04:00:00