Vulnerability Description
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | E585 | - |
| Huawei | E585U-82 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory
- http://www.kb.cert.org/vuls/id/871148US Government Resource
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory
- http://www.kb.cert.org/vuls/id/871148US Government Resource
FAQ
What is CVE-2012-5968?
CVE-2012-5968 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to t...
How severe is CVE-2012-5968?
CVE-2012-5968 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5968?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei E585, Huawei E585U-82.