Vulnerabilities > CVE-2004-2691 - Denial-Of-Service vulnerability in 3Com 3C17205-Us, 3C17210-Us and Superstack 3 Switch

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

3com

metasploit

NVD

Published: 2004-12-31

Updated: 2017-07-29

Summary

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.

Vulnerable Configurations

Part	Description	Count
Hardware	3Com 3Com 3C17205 US * 3Com 3C17210 US * 3Com Superstack 3 Switch 4400 3Com Superstack 3 Switch 4400_Se	4

Metasploit

description	This module causes a temporary denial of service condition against 3Com SuperStack switches. By sending excessive data to the HTTP Management interface, the switch stops responding temporarily. The device does not reset. Tested successfully against a 3300SM firmware v2.66. Reported to affect versions prior to v2.72.
id	MSF:AUXILIARY/DOS/HTTP/3COM_SUPERSTACK_SWITCH
last seen	2020-03-11
modified	2017-11-08
published	2009-07-01
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2691 http://support.3com.com/infodeli/tools/switches/dna1695-0aaa17.pdf
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/3com_superstack_switch.rb
title	3Com SuperStack Switch Denial of Service

Summary

Vulnerable Configurations

Metasploit

References