header-logo
Suggest Exploit
vendor:
Procurve Switches
by:
SecurityFocus
N/A
CVSS
N/A
Denial of Service
N/A
CWE
Product Name: Procurve Switches
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HP Procurve Switches Denial of Service Vulnerability

When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a 'stack' configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.

Mitigation:

It should be noted that the web interface is not enabled by default.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5784/info

When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web.

It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a "stack" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.

It should be noted that the web interface is not enabled by default.

http://<IP ADDRESS>/sw2/cgi/device_reset?

Navigation

Suggest Exploit

Services By CQR