Reported February 8, 2002, by Tamer Sahin.

VERSION AFFECTED

·         Hewlett-Packard Advancestack J3210A Switching Hub

 

DESCRIPTION

An access validation vulnerability exists in Hewlett-Packard's (HP's) Advancestack J3210A Switching Hub that lets an unprivileged user reconfigure the device by connecting to the device's switch management URL at http://somehost/security/web_access.html.

 

VENDOR RESPONSE

 

The vendor, HP, has been notified but hasn't issued a patch.

 

CREDIT
Discovered by Tamer Sahin of Security Office