HTTP: Hewlett Packard Procurve Remote Reset
This signature detects attempts to exploit a known vulnerability against the HP Procurve 4000M switch. Configuration changes for the switch are made through an HTTP-based interface; however, the script that resets the switch after a configuration change does not properly authenticate the IP address that calls the script. Attackers can call the script repeatedly to perform a denial of service.
Extended Description
When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a "stack" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command. It should be noted that the web interface is not enabled by default.
Affected Products
Hp procurve_switch_4000m
Short Name
HTTP:MISC:HP-PROCURVE-RESET
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-1147 Hewlett Packard Procurve Remote Reset bid:5784
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Hp
CVSS Score
7.1