ID

VAR-200210-0044


CVE

CVE-2002-1147


TITLE

HP Procurve 4000M Switch Device Reset Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200210-248

DESCRIPTION

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. When multiple Procurve switches are interconnected, it is common for an administrator to enable a feature that allows each switch to be viewed through a single web-accessible interface. It has been reported that HP Procurve switches are vulnerable to a denial of service attack when used in a "stack" configuration. An attacker can reset member switches by issuing a device reset command to a vulnerable device, because vulnerable devices do not require authentication before accepting this command. The web interface is not enabled by default.

Trust: 1.26

sources: NVD: CVE-2002-1147 // BID: 5784 // VULHUB: VHN-5535

AFFECTED PRODUCTS

vendor: hp, model: procurve switch 4000m, scope: lte, version: c.09.15

Trust: 1.0

vendor: hp, model: procurve switch 4000m, scope: eq, version: c.09.15

Trust: 0.6

vendor: hp, model: procurve switch 8000m, scope: -, version: -

Trust: 0.3

vendor: hp, model: procurve switch 4000m, scope: -, version: -

Trust: 0.3

vendor: hp, model: procurve switch 2424m, scope: -, version: -

Trust: 0.3

vendor: hp, model: procurve switch 2400m, scope: eq, version: 0

Trust: 0.3

vendor: hp, model: procurve switch 2400m, scope: -, version: -

Trust: 0.3

vendor: hp, model: procurve switch 1600m, scope: -, version: -

Trust: 0.3

sources: BID: 5784 // CNNVD: CNNVD-200210-248 // NVD: CVE-2002-1147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1147
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200210-248
value: HIGH

Trust: 0.6

VULHUB: VHN-5535
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1147
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5535
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5535 // CNNVD: CNNVD-200210-248 // NVD: CVE-2002-1147

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-248

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200210-248

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5535

EXTERNAL IDS

db: BID, id: 5784

Trust: 2.0

db: NVD, id: CVE-2002-1147

Trust: 2.0

db: CNNVD, id: CNNVD-200210-248

Trust: 0.7

db: HP, id: HPSBUX0209-219

Trust: 0.6

db: XF, id: 10172

Trust: 0.6

db: BUGTRAQ, id: 20020924 HP PROCURVE 4000M STACKED SWITCH HTTP RESET VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB, id: 21828

Trust: 0.1

db: SEEBUG, id: SSVID-75648

Trust: 0.1

db: VULHUB, id: VHN-5535

Trust: 0.1

sources: VULHUB: VHN-5535 // BID: 5784 // CNNVD: CNNVD-200210-248 // NVD: CVE-2002-1147

REFERENCES

url:http://www.securityfocus.com/bid/5784

Trust: 1.7

url:http://online.securityfocus.com/advisories/4501

Trust: 1.7

url:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt

Trust: 1.7

url:http://www.iss.net/security_center/static/10172.php

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=103287951910420&w=2

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2

Trust: 0.6

sources: VULHUB: VHN-5535 // CNNVD: CNNVD-200210-248 // NVD: CVE-2002-1147

CREDITS

Discovery credited to Brook Powers and Tony Kapela.

Trust: 0.9

sources: BID: 5784 // CNNVD: CNNVD-200210-248

SOURCES

db: VULHUB, id: VHN-5535
db: BID, id: 5784
db: CNNVD, id: CNNVD-200210-248
db: NVD, id: CVE-2002-1147

LAST UPDATE DATE

2025-04-03T22:27:22.655000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-5535, date: 2016-10-18T00:00:00
db: BID, id: 5784, date: 2009-07-11T17:06:00
db: CNNVD, id: CNNVD-200210-248, date: 2007-05-07T00:00:00
db: NVD, id: CVE-2002-1147, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-5535, date: 2002-10-11T00:00:00
db: BID, id: 5784, date: 2002-09-24T00:00:00
db: CNNVD, id: CNNVD-200210-248, date: 2002-10-11T00:00:00
db: NVD, id: CVE-2002-1147, date: 2002-10-11T04:00:00