CVE-2012-2974 — HIGH (10.0)

Vulnerability Description

The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Smc	Smc8024L2 Switch	All versions

Related Weaknesses (CWE)

CWE-287

References

http://www.kb.cert.org/vuls/id/377915US Government Resource
http://www.securitytracker.com/id?1027285
http://www.kb.cert.org/vuls/id/377915US Government Resource
http://www.securitytracker.com/id?1027285

FAQ

What is CVE-2012-2974?

CVE-2012-2974 is a vulnerability with a CVSS score of 10.0 (HIGH). The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3)...

How severe is CVE-2012-2974?

CVE-2012-2974 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2974?

Check the references section above for vendor advisories and patch information. Affected products include: Smc Smc8024L2 Switch.