{"vuid":"VU#377915","idnumber":"377915","name":"SMC SMC8024L2 switch web interface authentication bypass","keywords":["SMC SMC8024L2 switch authentication bypass"],"overview":"The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL.","clean_desc":"The SMC8024L2 switch does not require authentication for the web interface configuration pages if they are visited with a direct URL. An unauthenticated attacker can retrieve all configuration pages from the web management GUI. Examples of the configuration web pages include:\n/status/status_ov.html      : name, SN, Management VLAN, Subnet Mask, Gateway IP, MAC, Link status/Ethernet details of all ports\n/system/system_smac.html    : MAC/VLANID static configuration\n/ports/ports_rl.html        : Rate limiting\n/ports/ports_bsc.html       : Storm control\n/ports/ports_mir.html       : Port mirroring\n/trunks/trunks_mem.html     : Trunks port membership\n/trunks/lacp.html           : LACP port configuration\n/trunks/lacpstatus.html     : LACP status\n/vlans/vlan_mconf.html      : Defined VLANIDs overview\n/vlans/vlan_pconf.html      : VLAN per port configuration\n/qos/qos_conf.html          : 802.1p/DSCP QoS settings\n/rstp/rstp.html             : RSTP configuration\n/rstp/rstpstatus.html       : RSTP status\n/dot1x/dot1x.html           : 802.1x configuration (RADIUS IP/port, RADIUS secret key, per port settings)\n/security/security.html     : Static/DHCP per port IP address policy\n/security/security_port.html: Per port MAC based IDS/IPS\n/security/security_acl.html : Management ACL\n/igmps/igmpconf.html        : IGMP Snooping/Querying configuration\n/igmps/igmpstat.html        : IGMP Snooping status\n/snmp/snmp.html             : SNMP configuration (Read/Trap community passwords)","impact":"An unauthenticated attacker may be able to use administrative functions and manage the switch remotely.","resolution":"We are currently unaware of a practical solution to this problem. The vendor has stated this product is end-of-life and not supported. Please consider the following workarounds.","workarounds":"Restrict Access\nAppropriate firewall rules should be enabled to limit access to only trusted users and sources.","sysaffected":"","thanks":"Thanks to Elio Torrisi for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.smc.com/index.cfm?event=viewProduct&cid=8&scid=44&localeCode=EN_USA&pid=1542"],"cveids":["CVE-2012-2974"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-05-21T17:07:52Z","publicdate":"2012-07-11T00:00:00Z","datefirstpublished":"2012-07-11T17:35:05Z","dateupdated":"2012-07-11T17:35:06Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.1","cvss_environmentalscore":"8.1","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}