Session Hijacking Vulnerability in Huawei AR Routers and S Series Switches
CVE-2012-6571

Currently unrated

Key Information:

Vendor: Huawei
Status: Ar 19\/29\/49; Ar 18-2x; Ar 18-3x; Ar 28\/46
Vendor: CVE Published:; 20 June 2013

Summary

The HTTP module within the Branch Intelligent Management System (BIMS) and the web management components of various Huawei AR routers and S series switches suffers from a session hijacking vulnerability. This issue arises from the use of predictable Session ID values that are susceptible to brute-force attacks, allowing remote attackers to forcibly seize control of an active session. As a result, unauthorized users may gain access to sensitive information or perform actions on behalf of another user, compromising the security of the affected systems.

References

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 20, 2013