Type

Access Validation Error

Release Date

February 8, 2002

Product / Vendor

HP AdvanceStack 10Base-T Switching Hubs combine economical 10Base-T functionality with the performance of switching. Each switching hub starts out as a simple, single-segment, shared 10Base-T hub.

http://www.hp.com

Summary

A problem with the HP switch allows some users to change configuration of the switch. A bug introduced in the HP AdvanceStack J3210A that could allow users full access on the switch. Upon taking advantage of this vulnerability, the user could change the configuration of the switch and could change admin password.

Therefore, it is possible for a superuser password changing with unprivileged access on the switch to gain elevated privileges, and potentially change configuration of the switch.

Exploit

An attacker can get unauthorized access to the switch read/write password change page this page http://host/security/web_access.html and change superuser password. Connect superuser privileged via Web or Telnet.

Tested

HP J3210A AdvanceStack

Vulnerable

HP J3210A AdvanceStack 10BT Management Pack Module for use with HP AdvanceStack Switching Hubs
HP J3200A Advancestack 10Base-T S Hub-12R*
HP J3201A AdvanceStack 10BT-S Hub-12R w/Mgmt
HP J3202A AdvanceStack 10Base-T S Hub-24R*
HP J3203A AdvanceStack 10BT-S Hub-24R w/Mgmt
HP J3204A AdvanceStack 10Base-T S Hub-24T*
HP J3205A AdvanceStack 10BT-S Hub-24T w/Mgmt

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net