CVE-2012-4960 — MEDIUM (6.5)

Q: How severe is CVE-2012-4960?

CVE-2012-4960 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4960?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Acu, Huawei Ar 19\/29\/49, Huawei Ar G3, Huawei Atn, Huawei Cx200.

Vulnerability Description

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Huawei	Acu	v100r003c01spc100
Huawei	Ar 19\/29\/49	<= r2207
Huawei	Ar G3	v200r001c00
Huawei	Atn	v200r001c00
Huawei	Cx200	v100r005
Huawei	Cx300	v100r005
Huawei	Cx600	v200r002
Huawei	E200 Usg2200	<= v200r003c00
Huawei	E200 Usg5100	<= v200r003c00
Huawei	E200E-B	<= v100r005c01
Huawei	E200E-C	<= v200r003c00
Huawei	E200E-Usg2100	<= v100r005c01
Huawei	E200E-X1	<= v100r005c01
Huawei	E200E-X2	<= v100r005c01
Huawei	E200X3	<= v200r003c00
Huawei	E200X5	<= v200r003c00
Huawei	E200X7	<= v200r003c00
Huawei	Eudemon 8080E	<= v100r003c00
Huawei	Eudemon 8160E	<= v100r003c00
Huawei	Eudemon Usg5300	<= v200r001

Related Weaknesses (CWE)

CWE-310

References

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory
http://www.kb.cert.org/vuls/id/948096US Government Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory
http://www.kb.cert.org/vuls/id/948096US Government Resource

FAQ

What is CVE-2012-4960?

CVE-2012-4960 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S370...

How severe is CVE-2012-4960?

CVE-2012-4960 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4960?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Acu, Huawei Ar 19\/29\/49, Huawei Ar G3, Huawei Atn, Huawei Cx200.