CVE-2012-5968

{"id": "CVE-2012-5968", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-19T11:55:59.750", "references": [{"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/871148", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network."}, {"lang": "es", "value": "El dispositivo Huawei E585 no valida el estado de las sesiones de administraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible del usuario y el ID de sesi\u00f3n y modificar datos, aprovech\u00e1ndose del acceso a la red inal\u00e1mbrica.\r\n"}], "lastModified": "2013-01-29T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e585:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22225E7E-2877-4BE9-A642-1A80A42DBA87"}, {"criteria": "cpe:2.3:h:huawei:e585u-82:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985BF1C4-4154-452E-B362-E014E8EC67F8"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}