Vulnerabilities > CVE-2002-1147 - Denial Of Service vulnerability in HP Procurve 4000M Switch Device Reset

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

exploit available

NVD

Published: 2002-10-11

Updated: 2016-10-18

Summary

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. Successful exploitation requires that stacking features and remote administration are enabled.

Vulnerable Configurations

Part	Description	Count
Hardware	Hp HP Procurve Switch 4000M - HP Procurve Switch 4000M C.07.23 HP Procurve Switch 4000M C.08.22 HP Procurve Switch 4000M C.09.09 HP Procurve Switch 4000M C.09.15	5

Exploit-Db

description	HP Procurve 4000M Switch Device Reset Denial Of Service Vulnerability. CVE-2002-1147. Dos exploit for hardware platform
id	EDB-ID:21828
last seen	2016-02-02
modified	2002-09-24
published	2002-09-24
reporter	Brook Powers
source	https://www.exploit-db.com/download/21828/
title	HP Procurve 4000M Switch Device Reset Denial of Service Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References