CVE-2012-3268

Name: CVE-2012-3268
Creator: NVD / NIST
Published: 2013-02-01T11:49:52.647+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.26%

Last modified Jun 16, 2026

CVE-2012-3268 is a vulnerability of currently unknown severity. Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.. EPSS estimates a 2.26% chance of exploitation in the next 30 days.

Description

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.

Metrics

CVSS 3.0

/10

EPSS Probability

2.26%

80.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Hp	0150a129	All versions
Hp	0150a12a	All versions
Hp	0150a12b	All versions
Hp	0150a12c	All versions
Hp	0231a0av	All versions
Hp	0231a65t	All versions
Hp	0231a761	All versions
Hp	0231a832	All versions
Hp	0231a86p	All versions
Hp	0231a88a	All versions
Hp	0231a88l	All versions
Hp	0235a08f	All versions
Hp	0235a08h	All versions
Hp	0235a08k	All versions
Hp	0235a08m	All versions
Hp	0235a09t	All versions
Hp	0235a0a7	All versions
Hp	0235a0a8	All versions
Hp	0235a0as	All versions
Hp	0235a0bq	All versions
Hp	0235a0br	All versions
Hp	0235a0bs	All versions
Hp	0235a0bt	All versions
Hp	0235a0bu	All versions
Hp	0235a0bx	All versions
Hp	0235a0c0	All versions
Hp	0235a0c2	All versions
Hp	0235a0c4	All versions
Hp	0235a0ct	All versions
Hp	0235a0e3	All versions
Hp	0235a0e5	All versions
Hp	0235a0e6	All versions
Hp	0235a0e7	All versions
Hp	0235a0g0	All versions
Hp	0235a0g1	All versions
Hp	0235a0g2	All versions
Hp	0235a0g3	All versions
Hp	0235a0g4	All versions
Hp	0235a0g5	All versions
Hp	0235a0g6	All versions
Hp	0235a0g7	All versions
Hp	0235a0g8	All versions
Hp	0235a0g9	All versions
Hp	0235a0ga	All versions
Hp	0235a0gc	All versions
Hp	0235a0gd	All versions
Hp	0235a0ge	All versions
Hp	0235a0gf	All versions
Hp	0235a10b	All versions
Hp	0235a10c	All versions

Showing 50 of 687 affected configurations. See NVD for the full list.

References

http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.htmlBroken Link
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.htmlThird Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685Broken Link, Vendor Advisory
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520NewsVendor Advisory
http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view
http://www.kb.cert.org/vuls/id/225404Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MORO-8ZDJDPThird Party Advisory, US Government Resource
http://www.securityfocus.com/bid/56183Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1027694Third Party Advisory, VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.htmlBroken Link
http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.htmlThird Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685Broken Link, Vendor Advisory
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520NewsVendor Advisory
http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view
http://www.kb.cert.org/vuls/id/225404Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MORO-8ZDJDPThird Party Advisory, US Government Resource
http://www.securityfocus.com/bid/56183Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1027694Third Party Advisory, VDB Entry

Timeline

Published: Feb 1, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-3268?

How severe is CVE-2012-3268?

Severity scoring for CVE-2012-3268 is pending analysis. The EPSS model estimates a 2.26% probability of exploitation in the next 30 days.

How do I fix CVE-2012-3268?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-3268?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST