Switch Access
Created 2/19/02
Impact
A remote attacker could take complete control of a switch,
thereby giving the attacker the ability to disrupt all network
traffic to all or part of the network. In some cases, it
may also be possible to re-route, intercept, or view network
traffic.
Background
A switch is
a networking device used to send network traffic from one
machine to any one of a number of destination machines. Similar to
a hub, it is used to connect multiple machines using a data-link layer protocol
such as Ethernet,
but instead of sending each packet out through every connection, it
sends each packet only to the intended recipient.
The Problem
The HP AdvanceStack 10Base-T Switching Hub contains a web
page which allows the device's administrative password to
be changed. Since there is no restriction on who can access
the page, an unauthorized user could use the page to set
the password to a word of his or her choice. Then, the
unauthorized user could log into the switch using that password and
make arbitrary configuration changes.
Resolution
The workaround for this vulnerability is to disable web
access and remove the management IP address.
Where can I read more about this?
This vulnerability was reported in
VulnWatch and an
HP Support Information
Digest.