Password Vulnerability in Huawei Networking Equipment
CVE-2012-4960

Currently unrated

Key Information:

Vendor: Huawei
Status: Me60; S7700; E200 Usg5100; E200e-x2
Vendor: CVE Published:; 20 June 2013

What is CVE-2012-4960?

The vulnerability in Huawei networking equipment stems from the use of the outdated DES algorithm for stored passwords. This makes it significantly easier for attackers, particularly those with context-dependent knowledge, to execute brute-force attacks and obtain cleartext passwords. Affected devices include a broad range of products across Huawei's networking solutions, highlighting the importance of updating security practices and transitioning to stronger password management algorithms.

References

http://www.kb.cert.org/vuls/id/948096

third-party-advisoryx_refsource_CERT-VN

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2013
Vulnerability Reserved
Sep 17, 2012