Vulnerabilities > CVE-2002-0250 - Authentication Bypass vulnerability in HP AdvanceStack Switch

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

exploit available

NVD

Published: 2002-05-29

Updated: 2016-10-18

Summary

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Vulnerable Configurations

Part	Description	Count
Hardware	Hp HP Advancestack 10Base T Switching HUB J3200A A.03.07 HP Advancestack 10Base T Switching HUB J3201A A.03.07 HP Advancestack 10Base T Switching HUB J3202A A.03.07 HP Advancestack 10Base T Switching HUB J3203A A.03.07 HP Advancestack 10Base T Switching HUB J3204A A.03.07 HP Advancestack 10Base T Switching HUB J3205A A.03.07 HP Advancestack 10Base T Switching HUB J3210A A.03.07	7

Exploit-Db

description	HP AdvanceStack Switch Authentication Bypass Vulnerability. CVE-2002-0250 . Remote exploit for hardware platform
id	EDB-ID:21285
last seen	2016-02-02
modified	2002-02-08
published	2002-02-08
reporter	Tamer Sahin
source	https://www.exploit-db.com/download/21285/
title	HP AdvanceStack Switch Authentication Bypass Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References