Details of VAR-201302-0205

ID

VAR-201302-0205

CVE

CVE-2013-0120

TITLE

Dell PowerConnect 6248P series switch denial of service vulnerability

Trust: 0.8

sources: CERT/CC: VU#160460

DESCRIPTION

The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. Dell PowerConnect 6248P There is a service disruption (DoS) Vulnerabilities exist. Dell Network switch provided by PowerConnect 6248P There is a service disruption (DoS) Vulnerabilities exist.Denial of service by handling crafted requests (DoS) There is a possibility of being attacked. The Dell PowerConnect 6248P is a core switch product. Allows an attacker to exploit the vulnerability to make the switch crash unavailable. Dell PowerConnect 6248P is prone to a denial-of-service vulnerability

Trust: 3.24

sources: NVD: CVE-2013-0120 // CERT/CC: VU#160460 // JVNDB: JVNDB-2013-001698 // CNVD: CNVD-2013-01291 // BID: 58122 // VULHUB: VHN-60122

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-01291

AFFECTED PRODUCTS

vendor:	dell	model:	powerconnect 6248p	scope:	eq	version:	-	Trust: 1.6
vendor:	dell computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	powerconnect 6248p	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	powerconnect 6248	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	powerconnect 6248	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#160460 // CNVD: CNVD-2013-01291 // BID: 58122 // JVNDB: JVNDB-2013-001698 // CNNVD: CNNVD-201302-547 // NVD: CVE-2013-0120

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-0120
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2013-0120
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201302-547
value:	HIGH
Trust: 0.6
VULHUB:	VHN-60122
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-0120
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-0120
severity:	HIGH
baseScore:	7.8
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-60122
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#160460 // VULHUB: VHN-60122 // JVNDB: JVNDB-2013-001698 // CNNVD: CNNVD-201302-547 // NVD: CVE-2013-0120

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-60122 // JVNDB: JVNDB-2013-001698 // NVD: CVE-2013-0120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-547

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201302-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001698

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#160460

PATCH

title:

PowerConnect 6248P の詳細

url:

https://www.dell.com/jp/business/p/powerconnect-6248p/pd

Trust: 0.8

sources: JVNDB: JVNDB-2013-001698

EXTERNAL IDS

db:	CERT/CC	id:	VU#160460	Trust: 3.9
db:	NVD	id:	CVE-2013-0120	Trust: 3.4
db:	BID	id:	58122	Trust: 1.0
db:	JVN	id:	JVNVU90797811	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001698	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-547	Trust: 0.7
db:	CNVD	id:	CNVD-2013-01291	Trust: 0.6
db:	VULHUB	id:	VHN-60122	Trust: 0.1

sources: CERT/CC: VU#160460 // CNVD: CNVD-2013-01291 // VULHUB: VHN-60122 // BID: 58122 // JVNDB: JVNDB-2013-001698 // CNNVD: CNNVD-201302-547 // NVD: CVE-2013-0120

REFERENCES

url:	http://www.kb.cert.org/vuls/id/160460	Trust: 3.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0120	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu90797811/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0120	Trust: 0.8
url:	http://www.securityfocus.com/bid/58122	Trust: 0.6
url:	http://dell.com	Trust: 0.3

sources: CERT/CC: VU#160460 // CNVD: CNVD-2013-01291 // VULHUB: VHN-60122 // BID: 58122 // JVNDB: JVNDB-2013-001698 // CNNVD: CNNVD-201302-547 // NVD: CVE-2013-0120

CREDITS

Gary Blosser

Trust: 0.9

sources: BID: 58122 // CNNVD: CNNVD-201302-547

SOURCES

db:	CERT/CC	id:	VU#160460
db:	CNVD	id:	CNVD-2013-01291
db:	VULHUB	id:	VHN-60122
db:	BID	id:	58122
db:	JVNDB	id:	JVNDB-2013-001698
db:	CNNVD	id:	CNNVD-201302-547
db:	NVD	id:	CVE-2013-0120

LAST UPDATE DATE

2025-04-11T23:04:06.446000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#160460	date:	2013-02-22T00:00:00
db:	CNVD	id:	CNVD-2013-01291	date:	2013-02-26T00:00:00
db:	VULHUB	id:	VHN-60122	date:	2013-02-25T00:00:00
db:	BID	id:	58122	date:	2013-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001698	date:	2013-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201302-547	date:	2013-02-26T00:00:00
db:	NVD	id:	CVE-2013-0120	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#160460	date:	2013-02-22T00:00:00
db:	CNVD	id:	CNVD-2013-01291	date:	2013-02-26T00:00:00
db:	VULHUB	id:	VHN-60122	date:	2013-02-24T00:00:00
db:	BID	id:	58122	date:	2013-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001698	date:	2013-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201302-547	date:	2013-02-26T00:00:00
db:	NVD	id:	CVE-2013-0120	date:	2013-02-24T11:48:21.533