Sign-up

ID

VAR-201207-0169


CVE

CVE-2012-2974


TITLE

SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 54390 // CNNVD: CNNVD-201207-146

DESCRIPTION

The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. SMC8024L2 There is an authentication bypass vulnerability in the web management screen. SMC Networks Inc. Network switch provided by SMC8024L2 There is an authentication bypass vulnerability in the web management screen. In the web interface URL By directly entering, you can access without requiring authentication.A remote attacker may change the settings of the product. The SMC Networks SMC8024L2 Switch is a powerful switch. The WEB interface of the SMC Networks SMC8024L2 switch incorrectly restricts user access. The SMC8024L2 is a multifunctional 10/100/1000BASE-T independently managed switch

Trust: 3.24

sources: NVD: CVE-2012-2974 // CERT/CC: VU#377915 // JVNDB: JVNDB-2012-003056 // CNVD: CNVD-2012-3684 // BID: 54390 // VULHUB: VHN-56255

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-3684

AFFECTED PRODUCTS

vendor:smcmodel:smc8024l2 switchscope: - version: -

Trust: 1.2

vendor:smcmodel:smc8024l2 switchscope:eqversion:*

Trust: 1.0

vendor:smcmodel: - scope: - version: -

Trust: 0.8

vendor:smcmodel:smc8024l2scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#377915 // CNVD: CNVD-2012-3684 // JVNDB: JVNDB-2012-003056 // CNNVD: CNNVD-201207-146 // NVD: CVE-2012-2974

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2012-2974
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2012-2974
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201207-146
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-2974
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2012-2974
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-56255
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#377915 // VULHUB: VHN-56255 // JVNDB: JVNDB-2012-003056 // CNNVD: CNNVD-201207-146 // NVD: CVE-2012-2974

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-56255 // JVNDB: JVNDB-2012-003056 // NVD: CVE-2012-2974

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-146

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201207-146

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003056

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#377915

PATCH
title:SMC8024L2url:http://www.smc.com/index.cfm?event=viewProduct&cid=8&scid=44&localeCode=EN_USA&pid=1542
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003056

EXTERNAL IDS
db:CERT/CCid:VU#377915
Trust: 3.9
db:NVDid:CVE-2012-2974
Trust: 3.4
db:SECTRACKid:1027285
Trust: 1.1
db:BIDid:54390
Trust: 1.0
db:JVNDBid:JVNDB-2012-003056
Trust: 0.8
db:CNNVDid:CNNVD-201207-146
Trust: 0.7
db:CNVDid:CNVD-2012-3684
Trust: 0.6
db:NSFOCUSid:19986
Trust: 0.6
db:VULHUBid:VHN-56255
Trust: 0.1
sources:
            
            
            CERT/CC: VU#377915 // 
            
            
            
            CNVD: CNVD-2012-3684 // 
            
            
            
            VULHUB: VHN-56255 // 
            
            
            
            BID: 54390 // 
            
            
            
            JVNDB: JVNDB-2012-003056 // 
            
            
            
            CNNVD: CNNVD-201207-146 // 
            
            
            
            NVD: CVE-2012-2974

REFERENCES
url:http://www.kb.cert.org/vuls/id/377915
Trust: 3.1
url:http://www.securitytracker.com/id?1027285
Trust: 1.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://www.smc.com/index.cfm?event=viewproduct&cid=8&scid=44&localecode=en_usa&pid=1542
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2974
Trust: 0.8
url:http://jvn.jp/cert/jvnvu377915/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2974
Trust: 0.8
url:http://www.securityfocus.com/bid/54390
Trust: 0.6
url:http://www.nsfocus.net/vulndb/19986
Trust: 0.6
sources:
            
            
            CERT/CC: VU#377915 // 
            
            
            
            CNVD: CNVD-2012-3684 // 
            
            
            
            VULHUB: VHN-56255 // 
            
            
            
            JVNDB: JVNDB-2012-003056 // 
            
            
            
            CNNVD: CNNVD-201207-146 // 
            
            
            
            NVD: CVE-2012-2974

CREDITS
Elio Torrisi
Trust: 0.9
sources:
            
            
            BID: 54390 // 
            
            
            
            CNNVD: CNNVD-201207-146

SOURCES
db:CERT/CCid:VU#377915
db:CNVDid:CNVD-2012-3684
db:VULHUBid:VHN-56255
db:BIDid:54390
db:JVNDBid:JVNDB-2012-003056
db:CNNVDid:CNNVD-201207-146
db:NVDid:CVE-2012-2974

LAST UPDATE DATE
2025-04-11T23:09:58.060000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#377915date:2012-07-11T00:00:00
db:CNVDid:CNVD-2012-3684date:2012-07-17T00:00:00
db:VULHUBid:VHN-56255date:2017-12-22T00:00:00
db:BIDid:54390date:2012-07-11T00:00:00
db:JVNDBid:JVNDB-2012-003056date:2012-07-12T00:00:00
db:CNNVDid:CNNVD-201207-146date:2012-07-13T00:00:00
db:NVDid:CVE-2012-2974date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#377915date:2012-07-11T00:00:00
db:CNVDid:CNVD-2012-3684date:2012-07-17T00:00:00
db:VULHUBid:VHN-56255date:2012-07-19T00:00:00
db:BIDid:54390date:2012-07-11T00:00:00
db:JVNDBid:JVNDB-2012-003056date:2012-07-12T00:00:00
db:CNNVDid:CNNVD-201207-146date:2012-07-13T00:00:00
db:NVDid:CVE-2012-2974date:2012-07-19T15:55:02.783