HP Procurve 4000M Switch - Device Reset Denial of Service

EDB-ID:

21828

CVE:

2002-1147

EDB Verified:

Author:

Brook Powers

Type:

dos

Exploit:   /  

Platform:

Hardware

Date:

2002-09-24

Vulnerable App: 
source: https://www.securityfocus.com/bid/5784/info

When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web.

It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a "stack" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.

It should be noted that the web interface is not enabled by default.

http://<IP ADDRESS>/sw2/cgi/device_reset?
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services