OpenCVE

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	E585 E585u-82

Configuration 1 [-]

OR	cpe:2.3:h:huawei:e585:-:::::::*
	cpe:2.3:h:huawei:e585u-82:-:::::::*

No data.

References

Link	Providers
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
http://www.kb.cert.org/vuls/id/871148

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-12-19T11:00:00Z

Updated: 2024-09-17T01:35:39.801Z

Reserved: 2012-11-21T00:00:00Z

Link: CVE-2012-5968

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-19T11:55:59.750

Modified: 2024-11-21T01:45:37.120

Link: CVE-2012-5968

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-19T11:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm"}, {"name": "VU#871148", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/871148"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-5968", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm"}, {"name": "VU#871148", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/871148"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:28.509Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm"}, {"name": "VU#871148", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/871148"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-5968", "datePublished": "2012-12-19T11:00:00Z", "dateReserved": "2012-11-21T00:00:00Z", "dateUpdated": "2024-09-17T01:35:39.801Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e585:-:*:*:*:*:*:*:*", "matchCriteriaId": "22225E7E-2877-4BE9-A642-1A80A42DBA87", "vulnerable": true}, {"criteria": "cpe:2.3:h:huawei:e585u-82:-:*:*:*:*:*:*:*", "matchCriteriaId": "985BF1C4-4154-452E-B362-E014E8EC67F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."}, {"lang": "es", "value": "El dispositivo Huawei E585 no valida el estado de las sesiones de administraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible del usuario y el ID de sesi\u00f3n y modificar datos, aprovech\u00e1ndose del acceso a la red inal\u00e1mbrica.\r\n"}], "id": "CVE-2012-5968", "lastModified": "2024-11-21T01:45:37.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-19T11:55:59.750", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/871148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/871148"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}