Executive Summary

Summary
Title: SMC SMC8024L2 switch web interface authentication bypass

Information
Name: VU#377915
First vendor publication: 2012-07-11
Vendor: VU-CERT
Last vendor modification: 2012-07-11
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
Attack range: Network
CVSS impact score: 10
Attack complexity: Low
CVSS exploit score: 10
Authentication: None required

Detail

Vulnerability Note VU#377915

SMC SMC8024L2 switch web interface authentication bypass

Original Release date: 11 Jul 2012 | Last revised: 11 Jul 2012

Overview

The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL.

Description

The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An unauthenticated attacker can retrieve all configuration pages from the web management GUI.

Examples of the configuration web pages include:

/status/status_ov.html      : name, SN, Management VLAN, Subnet Mask, Gateway IP, MAC Link status/Ethernet details of all ports
/system/system_smac.html    : MAC/VLANID static configuration
/ports/ports_rl.html        : Rate limiting
/ports/ports_bsc.html       : Storm control
/ports/ports_mir.html       : Port mirroring
/trunks/trunks_mem.html     : Trunks port membership
/trunks/lacp.html           : LACP port configuration
/trunks/lacpstatus.html     : LACP status
/vlans/vlan_mconf.html      : Defined VLANIDs overview
/vlans/vlan_pconf.html      : VLAN per port configuration
/qos/qos_conf.html          : 802.1p/DSCP QoS settings
/rstp/rstp.html             : RSTP configuration
/rstp/rstpstatus.html       : RSTP status
/dot1x/dot1x.html           : 802.1x configuration (Radius IP/port, RADIUS secret key, per port settings)
/security/security.html     : Static/DHCP per port IP address policy
/security/security_port.html: Per port MAC based IDS/IPS
/security/security_acl.html : Management ACL
/igmps/igmpconf.html        : IGMP Snooping/Querying configuration
/igmps/igmpstat.html        : IGMP Snoop status
/snmp/snmp.html             : SNMP configuration (Read/Trap community passwords)

Impact

An unauthenticated attacker may be able to use administrative functions and manage the switch remotely.

Solution

We are currently unaware of a practical solution to this problem. The vendor has stated this product is end-of-life and not supported. Please consider the following workarounds:

Restrict Access
Appropriate firewall rules should be enabled to limit access to only trusted users and sources.
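
To check that the access restriction is holding, the following added example (not part of the original advisory) scans web access logs for requests to the configuration page directories listed above that reach the switch from outside the trusted sources. The log format, the switch address 192.0.2.10, the trusted subnet 10.20.0.0/24 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Directories of the configuration pages listed in the advisory.
CONFIG_DIRS = ("status", "system", "ports", "trunks", "vlans", "qos",
               "rstp", "dot1x", "security", "igmps", "snmp")
CONFIG_PATH = re.compile(r"^/(?:%s)/[\w.-]+\.html$" % "|".join(CONFIG_DIRS), re.I)

# Assumptions: switch management address and the trusted admin subnet.
SWITCH_IP = ipaddress.ip_address("192.0.2.10")
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumed log format: "<timestamp> <src_ip> <dst_ip> <method> <url>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

# Constructed sample input, not real traffic.
SAMPLE_LOG = [
    "2024-01-01T09:14:02Z 10.20.0.15 192.0.2.10 GET /snmp/snmp.html",
    "2024-01-01T09:15:40Z 198.51.100.7 192.0.2.10 GET /dot1x/dot1x.html",
    "2024-01-01T09:15:41Z 198.51.100.7 192.0.2.10 GET /snmp/snmp.html?t=1",
    "2024-01-01T09:16:00Z 198.51.100.7 192.0.2.11 GET /snmp/snmp.html",
    "2024-01-01T09:17:05Z 203.0.113.9 192.0.2.10 GET /index.html",
    "truncated entry",
]

def untrusted_config_requests(lines):
    """Return (timestamp, src_ip, path) for each request to a switch
    configuration page that came from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed entries
        ts, src, dst, _method, url = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip entries with unparsable addresses
        path = url.split("?", 1)[0]  # ignore any query string
        if dst_ip != SWITCH_IP or not CONFIG_PATH.match(path):
            continue
        if any(src_ip in net for net in TRUSTED_NETS):
            continue  # expected administrative access
        hits.append((ts, src, path))
    return hits

if __name__ == "__main__":
    for hit in untrusted_config_requests(SAMPLE_LOG):
        print("ALERT untrusted access to switch config page:", *hit)
```

Because the pages require no authentication, any hit means the requester could read that configuration page, so each one indicates a gap in the firewall rules.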

Vendor Information

Vendor               Status     Date Notified   Date Updated
SMC Networks, Inc.   Affected   22 May 2012     11 Jul 2012

CVSS Metrics

Group           Score   Vector
Base            10.0    AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        8.1     E:POC/RL:U/RC:UC
Environmental   8.1     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

Credit

Thanks to Elio Torrisi for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2974
  • Date Public: 11 Jul 2012
  • Date First Published: 11 Jul 2012
  • Date Last Updated: 11 Jul 2012
  • Document Revision: 14

Original Source

Url : http://www.kb.cert.org/vuls/id/377915

CWE : Common Weakness Enumeration

%       Id        Name
100 %   CWE-287   Improper Authentication

CPE : Common Platform Enumeration

Type       Description   Count
Hardware                 1

OpenVAS Exploits

Date Description
2012-07-12 Name : SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability
File : nvt/gb_smc8024l2_54390.nasl