VAR-201207-0169
Vulnerability from variot - Updated: 2023-12-18 13:15The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. SMC8024L2 There is an authentication bypass vulnerability in the web management screen. SMC Networks Inc. Network switch provided by SMC8024L2 There is an authentication bypass vulnerability in the web management screen. In the web interface URL By directly entering, you can access without requiring authentication.A remote attacker may change the settings of the product. The SMC Networks SMC8024L2 Switch is a powerful switch. The WEB interface of the SMC Networks SMC8024L2 switch incorrectly restricts user access. The SMC8024L2 is a multifunctional 10/100/1000BASE-T independently managed switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smc8024l2 switch",
"scope": null,
"trust": 1.2,
"vendor": "smc",
"version": null
},
{
"model": "smc8024l2 switch",
"scope": "eq",
"trust": 1.0,
"vendor": "smc",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smc",
"version": null
},
{
"model": "smc8024l2",
"scope": null,
"trust": 0.8,
"vendor": "smc",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:smc:smc8024l2_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2974"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elio Torrisi",
"sources": [
{
"db": "BID",
"id": "54390"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2974",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.1,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2012-2974",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-2974",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-56255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2974",
"trust": 2.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-146",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-56255",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "VULHUB",
"id": "VHN-56255"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. SMC8024L2 There is an authentication bypass vulnerability in the web management screen. SMC Networks Inc. Network switch provided by SMC8024L2 There is an authentication bypass vulnerability in the web management screen. In the web interface URL By directly entering, you can access without requiring authentication.A remote attacker may change the settings of the product. The SMC Networks SMC8024L2 Switch is a powerful switch. The WEB interface of the SMC Networks SMC8024L2 switch incorrectly restricts user access. The SMC8024L2 is a multifunctional 10/100/1000BASE-T independently managed switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "BID",
"id": "54390"
},
{
"db": "VULHUB",
"id": "VHN-56255"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2974",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#377915",
"trust": 3.9
},
{
"db": "SECTRACK",
"id": "1027285",
"trust": 1.1
},
{
"db": "BID",
"id": "54390",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3684",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19986",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-56255",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "VULHUB",
"id": "VHN-56255"
},
{
"db": "BID",
"id": "54390"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"id": "VAR-201207-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "VULHUB",
"id": "VHN-56255"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3684"
}
]
},
"last_update_date": "2023-12-18T13:15:03.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SMC8024L2",
"trust": 0.8,
"url": "http://www.smc.com/index.cfm?event=viewproduct\u0026cid=8\u0026scid=44\u0026localecode=en_usa\u0026pid=1542"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56255"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/377915"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1027285"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.smc.com/index.cfm?event=viewproduct\u0026cid=8\u0026scid=44\u0026localecode=en_usa\u0026pid=1542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2974"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu377915/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2974"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54390"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19986"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "VULHUB",
"id": "VHN-56255"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#377915"
},
{
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"db": "VULHUB",
"id": "VHN-56255"
},
{
"db": "BID",
"id": "54390"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#377915"
},
{
"date": "2012-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"date": "2012-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56255"
},
{
"date": "2012-07-11T00:00:00",
"db": "BID",
"id": "54390"
},
{
"date": "2012-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"date": "2012-07-19T15:55:02.783000",
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"date": "2012-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#377915"
},
{
"date": "2012-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3684"
},
{
"date": "2017-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-56255"
},
{
"date": "2012-07-11T00:00:00",
"db": "BID",
"id": "54390"
},
{
"date": "2012-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003056"
},
{
"date": "2017-12-22T02:29:10.653000",
"db": "NVD",
"id": "CVE-2012-2974"
},
{
"date": "2012-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "54390"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-146"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…