CVE-2012-6571

The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Published: Jun 20, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-6571
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
huawei / ar_19/29/49	-	r2207.x
huawei / ar_18-2x	-	r1712.x
huawei / ar_18-3x	-	r0118.x
huawei / ar_28/46	-	r0311.x
huawei / ar_18-1x	-	r0130.x
huawei / s2300	r6305	r6305.x
huawei / s8500	r1631	r1631.x
huawei / s3300hi	r6305	r6305.x
huawei / s3500	r6305	r6305.x
huawei / s5100	r6305	r6305.x
huawei / s3000	r6305	r6305.x
huawei / s5600	r6305	r6305.x
huawei / s3900	r6305	r6305.x
huawei / s3300	r6305	r6305.x
huawei / s3700	r6305	r6305.x
huawei / s2700	r6305	r6305.x
huawei / s7800	r6305	r6305.x
huawei / s8500	r1632	r1632.x
huawei / s2000	r6305	r6305.x

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm

Vulnerability Database

289,599

CVE-2012-6571