Sign-up

ID

VAR-200705-0549


CVE

CVE-2007-2502


TITLE

HP ProCurve 9300m Service operation disruption in series switches (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-003805

DESCRIPTION

Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. This vulnerability CVE-2006-4015 It is a vulnerability of a different switch series.Service disruption by a third party (DoS) There is a possibility of being put into a state. This issue most likely occurs because the device fails to properly sanitize user-supplied input. An attacker can exploit this issue to crash an affected device, effectively denying service to legitimate users. This issue affects HP ProCurve 9300m Switches running software versions 08.0.01c to 08.0.01j. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to an unspecified error, which can be exploited to cause a DoS. No more information is currently available. The vulnerability is reported in versions 8.0.01c \x96 08.0.01j. SOLUTION: Install software version 07.8.03. http://www.hp.com/rnd/software/switches.htm PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-2502 // JVNDB: JVNDB-2007-003805 // BID: 23791 // VULHUB: VHN-25864 // PACKETSTORM: 56444

AFFECTED PRODUCTS

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01g

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01i

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01e

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01j

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01h

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01f

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01c

Trust: 1.6

vendor:hpmodel:procurve switch 9300mscope:eqversion:08.0.01d

Trust: 1.6

vendor:hewlett packardmodel:procurve switch 9300mscope:eqversion:08.0.01c to 08.0.01j

Trust: 0.8

vendor:hpmodel:procurve switch 9315mscope: - version: -

Trust: 0.3

vendor:hpmodel:procurve switch 9308mscope: - version: -

Trust: 0.3

vendor:hpmodel:procurve switch 9304mscope: - version: -

Trust: 0.3

vendor:hpmodel:procurve switch 9300mscope:eqversion:0

Trust: 0.3

sources: BID: 23791 // JVNDB: JVNDB-2007-003805 // CNNVD: CNNVD-200705-082 // NVD: CVE-2007-2502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2502
value: HIGH

Trust: 1.0

NVD: CVE-2007-2502
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-082
value: HIGH

Trust: 0.6

VULHUB: VHN-25864
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2502
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25864
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25864 // JVNDB: JVNDB-2007-003805 // CNNVD: CNNVD-200705-082 // NVD: CVE-2007-2502

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-082

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200705-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003805

PATCH
title:HPSBMI02210 SSRT071396url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003805

EXTERNAL IDS
db:NVDid:CVE-2007-2502
Trust: 2.8
db:BIDid:23791
Trust: 2.0
db:SECUNIAid:25101
Trust: 1.8
db:SECTRACKid:1018001
Trust: 1.7
db:VUPENid:ADV-2007-1651
Trust: 1.7
db:JVNDBid:JVNDB-2007-003805
Trust: 0.8
db:CNNVDid:CNNVD-200705-082
Trust: 0.7
db:XFid:34033
Trust: 0.6
db:HPid:SSRT071396
Trust: 0.6
db:VULHUBid:VHN-25864
Trust: 0.1
db:PACKETSTORMid:56444
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25864 // 
            
            
            
            BID: 23791 // 
            
            
            
            JVNDB: JVNDB-2007-003805 // 
            
            
            
            PACKETSTORM: 56444 // 
            
            
            
            CNNVD: CNNVD-200705-082 // 
            
            
            
            NVD: CVE-2007-2502

REFERENCES
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01034753
Trust: 2.1
url:http://www.securityfocus.com/bid/23791
Trust: 1.7
url:http://www.securitytracker.com/id?1018001
Trust: 1.7
url:http://secunia.com/advisories/25101
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1651
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34033
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2502
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2502
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/34033
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1651
Trust: 0.6
url:http://www.hp.com/rnd/
Trust: 0.3
url:/archive/1/467492
Trust: 0.3
url:/archive/1/468539
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector/
Trust: 0.1
url:http://secunia.com/advisories/25101/
Trust: 0.1
url:http://secunia.com/product/3491/
Trust: 0.1
url:http://www.hp.com/rnd/software/switches.htm
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25864 // 
            
            
            
            BID: 23791 // 
            
            
            
            JVNDB: JVNDB-2007-003805 // 
            
            
            
            PACKETSTORM: 56444 // 
            
            
            
            CNNVD: CNNVD-200705-082 // 
            
            
            
            NVD: CVE-2007-2502

CREDITS
HP
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200705-082

SOURCES
db:VULHUBid:VHN-25864
db:BIDid:23791
db:JVNDBid:JVNDB-2007-003805
db:PACKETSTORMid:56444
db:CNNVDid:CNNVD-200705-082
db:NVDid:CVE-2007-2502

LAST UPDATE DATE
2025-04-10T23:14:16.938000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-25864date:2017-07-29T00:00:00
db:BIDid:23791date:2015-05-07T17:39:00
db:JVNDBid:JVNDB-2007-003805date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200705-082date:2007-05-08T00:00:00
db:NVDid:CVE-2007-2502date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-25864date:2007-05-04T00:00:00
db:BIDid:23791date:2007-05-03T00:00:00
db:JVNDBid:JVNDB-2007-003805date:2012-09-25T00:00:00
db:PACKETSTORMid:56444date:2007-05-04T05:48:13
db:CNNVDid:CNNVD-200705-082date:2007-05-03T00:00:00
db:NVDid:CVE-2007-2502date:2007-05-04T01:19:00