VAR-200210-0044
Vulnerability from variot - Updated: 2025-04-03 22:27

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. When multiple Procurve switches are interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web.

It has been reported that HP Procurve Switches are vulnerable to a denial of service attack when used in a "stack" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.

It should be noted that the web interface is not enabled by default.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "procurve switch 4000m",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "c.09.15"
},
{
"model": "procurve switch 4000m",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "c.09.15"
},
{
"model": "procurve switch 8000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 2424m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 2400m",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "procurve switch 2400m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 1600m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "5784"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery credited to Brook Powers and Tony Kapela.",
"sources": [
{
"db": "BID",
"id": "5784"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
}
],
"trust": 0.9
},
"cve": "CVE-2002-1147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2002-1147",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-5535",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1147",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-248",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5535",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5535"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program. When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. \nIt has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a \"stack\" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command. \nIt should be noted that the web interface is not enabled by default",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1147"
},
{
"db": "BID",
"id": "5784"
},
{
"db": "VULHUB",
"id": "VHN-5535"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5535",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5535"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5784",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1147",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248",
"trust": 0.7
},
{
"db": "HP",
"id": "HPSBUX0209-219",
"trust": 0.6
},
{
"db": "XF",
"id": "10172",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020924 HP PROCURVE 4000M STACKED SWITCH HTTP RESET VULNERABILITY",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21828",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75648",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5535",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5535"
},
{
"db": "BID",
"id": "5784"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"id": "VAR-200210-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5535"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:27:22.655000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5784"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/advisories/4501"
},
{
"trust": 1.7,
"url": "http://www.tech-serve.com/research/advisories/2002/a092302-1.txt"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10172.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=103287951910420\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103287951910420\u0026w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5535"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5535"
},
{
"db": "BID",
"id": "5784"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5535"
},
{
"date": "2002-09-24T00:00:00",
"db": "BID",
"id": "5784"
},
{
"date": "2002-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"date": "2002-10-11T04:00:00",
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-5535"
},
{
"date": "2009-07-11T17:06:00",
"db": "BID",
"id": "5784"
},
{
"date": "2007-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-248"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP Procurve 4000M Switch Device Reset Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-248"
}
],
"trust": 0.6
}
}