CVE-2012-6571
First published: Thu Jun 20 2013(Updated: )
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei AR 18-1x | <=r0130 | |
| Huawei AR 18-2x | <=r1712 | |
| Huawei AR 18-3x | <=r0118 | |
| Huawei AR 19/29/49 | <=r2207 | |
| Huawei AR 28/46 | <=r0311 | |
| Huawei S2000 | =r6305 | |
| Huawei S2300 Firmware | =r6305 | |
| Huawei S2700 | =r6305 | |
| Huawei S3000 | =r6305 | |
| Huawei S3300 firmware | =r6305 | |
| Huawei Campus S3300HI | =r6305 | |
| Huawei S3500 | =r6305 | |
| Huawei Campus S3700HI | =r6305 | |
| Huawei S3900 | =r6305 | |
| Huawei S5100 | =r6305 | |
| Huawei S5600 | =r6305 | |
| Huawei CloudEngine 7800 | =r6305 | |
| Huawei S8500 | =r1631 | |
| Huawei S8500 | =r1632 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-6571?
CVE-2012-6571 is classified as a high severity vulnerability due to its potential for session hijacking.
How do I fix CVE-2012-6571?
To fix CVE-2012-6571, update your Huawei devices to the latest firmware versions that address this vulnerability.
What products are affected by CVE-2012-6571?
CVE-2012-6571 affects multiple Huawei products, including certain models of AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches.
How does CVE-2012-6571 allow attackers to exploit systems?
CVE-2012-6571 allows attackers to exploit systems by leveraging predictable Session ID values to hijack active sessions.
What should I do if I cannot update my devices to mitigate CVE-2012-6571?
If you cannot update your devices to mitigate CVE-2012-6571, consider implementing additional security measures, such as network segmentation and enhanced monitoring.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei ar 18-1x
- version/huawei ar 18-1x/r0130
- canonical/huawei ar 18-2x
- version/huawei ar 18-2x/r1712
- canonical/huawei ar 18-3x
- version/huawei ar 18-3x/r0118
- canonical/huawei ar 19/29/49
- version/huawei ar 19/29/49/r2207
- canonical/huawei ar 28/46
- version/huawei ar 28/46/r0311
- canonical/huawei s2000
- version/huawei s2000/r6305
- canonical/huawei s2300 firmware
- version/huawei s2300 firmware/r6305
- canonical/huawei s2700
- version/huawei s2700/r6305
- canonical/huawei s3000
- version/huawei s3000/r6305
- canonical/huawei s3300 firmware
- version/huawei s3300 firmware/r6305
- canonical/huawei campus s3300hi
- version/huawei campus s3300hi/r6305
- canonical/huawei s3500
- version/huawei s3500/r6305
- canonical/huawei campus s3700hi
- version/huawei campus s3700hi/r6305
- canonical/huawei s3900
- version/huawei s3900/r6305
- canonical/huawei s5100
- version/huawei s5100/r6305
- canonical/huawei s5600
- version/huawei s5600/r6305
- canonical/huawei cloudengine 7800
- version/huawei cloudengine 7800/r6305
- canonical/huawei s8500
- version/huawei s8500/r1631
- version/huawei s8500/r1632