Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6571

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Published

2013-06-20T15:55:00.983

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	huawei	ar_18-1x	≤ r0130	Yes
Hardware	huawei	ar_18-2x	≤ r1712	Yes
Hardware	huawei	ar_18-3x	≤ r0118	Yes
Hardware	huawei	ar_19\/29\/49	≤ r2207	Yes
Hardware	huawei	ar_28\/46	≤ r0311	Yes
Hardware	huawei	s2000	r6305	Yes
Hardware	huawei	s2300	r6305	Yes
Hardware	huawei	s2700	r6305	Yes
Hardware	huawei	s3000	r6305	Yes
Hardware	huawei	s3300	r6305	Yes
Hardware	huawei	s3300hi	r6305	Yes
Hardware	huawei	s3500	r6305	Yes
Hardware	huawei	s3700	r6305	Yes
Hardware	huawei	s3900	r6305	Yes
Hardware	huawei	s5100	r6305	Yes
Hardware	huawei	s5600	r6305	Yes
Hardware	huawei	s7800	r6305	Yes
Hardware	huawei	s8500	r1631	Yes
Hardware	huawei	s8500	r1632	Yes

References

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm ([email protected])
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm (af854a3a-2127-422b-91ae-364da2661108)