CVE-2012-6571

CWE-3103 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 58.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Huawei AR 18-1xHuawei AR 18-2xHuawei AR 18-3x+15 more
Timeline
PublishedJun 20
Latest updateMay 17

Description

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages18 packages

NVDhuawei/s2000r6305
NVDhuawei/s3000r6305
NVDhuawei/s3500r6305
NVDhuawei/s3900r6305
NVDhuawei/s5100r6305

🔴Vulnerability Details

2
GHSA
GHSA-hggg-cp66-435c: The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500,2022-05-17
CVEList
CVE-2012-6571: The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500,2013-06-20
CVE-2012-6571 (HIGH CVSS 7.5) | The HTTP module in the (1) Branch I | cvebase.io