Strix
26.1K

CVE-2012-4960

UnknownEPSS 3.45%

Last modified

CVE-2012-4960 is a vulnerability of currently unknown severity. The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.. EPSS estimates a 3.45% chance of exploitation in the next 30 days.

Description

The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Metrics

EPSS Probability
3.45%

87.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiAcuv100r003c01spc100
HuaweiAcuv200r001c00
HuaweiAcuv200r001c00spc100
HuaweiAr 19\/29\/49<= r2207
HuaweiAr G3v200r001c00
HuaweiAr G3v200r001c01
HuaweiAr G3v200r002c00spc200
HuaweiAtnv200r001c00
HuaweiAtnv200r001c01
HuaweiCx200v100r005
HuaweiCx300v100r005
HuaweiCx600v200r002
HuaweiCx600v600r001
HuaweiCx600v600r002
HuaweiCx600v600r003
HuaweiE200 Usg2200<= v200r003c00
HuaweiE200 Usg5100<= v200r003c00
HuaweiE200e-B<= v100r005c01
HuaweiE200e-C<= v200r003c00
HuaweiE200e-Usg2100<= v100r005c01
HuaweiE200e-X1<= v100r005c01
HuaweiE200e-X2<= v100r005c01
HuaweiE200x3<= v200r003c00
HuaweiE200x5<= v200r003c00
HuaweiE200x7<= v200r003c00
HuaweiEudemon 8080e<= v100r003c00
HuaweiEudemon 8160e<= v100r003c00
HuaweiEudemon Usg5300<= v200r001
HuaweiEudemon Usg5500<= v200r002
HuaweiEudemon Usg9300<= v100r003c00
HuaweiEudemon Usg9500<= v200r001c00spc600
HuaweiEudemon1000<= v200r006c02
HuaweiEudemon1000e-U<= v200r001
HuaweiEudemon1000e-X<= v200r002
HuaweiEudemon100ev200r007
HuaweiEudemon200v200r001
HuaweiEudemon300<= v200r006c02
HuaweiEudemon500<= v200r006c02
HuaweiEudemon8000e-X<= v200r001c00spc600
HuaweiH3c Ar\(Oem In\)<= r2209
HuaweiMa5200gv200r003
HuaweiMa5200gv300r003
HuaweiMe60v100r005
HuaweiMe60v100r006
HuaweiMe60v600r002
HuaweiMe60v600r003
HuaweiMe60v600r005c00spc600
HuaweiNe20v200r005
HuaweiNe20e-X6v300r005
HuaweiNe40v300r005

Showing 50 of 107 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-4960?
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
How severe is CVE-2012-4960?
Severity scoring for CVE-2012-4960 is pending analysis. The EPSS model estimates a 3.45% probability of exploitation in the next 30 days.
How do I fix CVE-2012-4960?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4960?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST