mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
109 lines
3.1 KiB
JSON
109 lines
3.1 KiB
JSON
{
|
|
"id": "CVE-2012-5968",
|
|
"sourceIdentifier": "cret@cert.org",
|
|
"published": "2012-12-19T11:55:59.750",
|
|
"lastModified": "2024-11-21T01:45:37.120",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El dispositivo Huawei E585 no valida el estado de las sesiones de administraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible del usuario y el ID de sesi\u00f3n y modificar datos, aprovech\u00e1ndose del acceso a la red inal\u00e1mbrica.\r\n"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
|
|
"baseScore": 4.8,
|
|
"accessVector": "ADJACENT_NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 6.5,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:huawei:e585:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "22225E7E-2877-4BE9-A642-1A80A42DBA87"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:huawei:e585u-82:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "985BF1C4-4154-452E-B362-E014E8EC67F8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/871148",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/871148",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |