Vulnerability Description
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | Procurve Switch 4000M | <= C.09.15 |
References
- http://marc.info/?l=bugtraq&m=103287951910420&w=2
- http://online.securityfocus.com/advisories/4501 (Vendor Advisory)
- http://www.iss.net/security_center/static/10172.php (Vendor Advisory)
- http://www.securityfocus.com/bid/5784
- http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
FAQ
What is CVE-2002-1147?
CVE-2002-1147 is a vulnerability with a CVSS score of 7.1 (HIGH). The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, wh...
How severe is CVE-2002-1147?
CVE-2002-1147 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1147?
Check the references section above for vendor advisories and patch information. Affected products include: HP Procurve Switch 4000M.