{"vuid":"VU#523027","idnumber":"523027","name":"LG-Nortel ELO GS24M Switch contains multiple vulnerabilities","keywords":["LG-Nortel","ELO","GS24M","Switch"],"overview":"The LG-Nortel ELO GS24M switch web management interface contains multiple vulnerabilities, including authentication bypass (CWE-592) and information exposure (CWE-200).","clean_desc":"The LG-Nortel ELO GS24M switch web management interface authentication can be bypassed by accessing URLs for configuration web pages directly. Web pages exist that can download the current device configuration, which also includes credentials in cleartext.","impact":"A remote unauthenticated attacker may be able to operate and configure the device with the permissions of an administrator.","resolution":"This product is considered end-of-life by the vendor and is no longer supported. Please consider the following workaround:","workarounds":"Restrict Access\nImplement appropriate firewall rules to only allow trusted sources to access the web management interface of the device.","sysaffected":"","thanks":"Thanks to Christopher Campbell for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://cwe.mitre.org/data/definitions/592.html","http://cwe.mitre.org/data/definitions/200.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-02-28T14:40:51Z","publicdate":"2012-03-21T00:00:00Z","datefirstpublished":"2012-03-21T18:48:13Z","dateupdated":"2012-03-28T12:16:35Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"1","cam_exploitation":"7","cam_internetinfrastructure":"6","cam_population":"7","cam_impact":"7","cam_easeofexploitation":"20","cam_attackeraccessrequired":"6","cam_scorecurrent":"1.5435","cam_scorecurrentwidelyknown":"3.63825","cam_scorecurrentwidelyknownexploited":"5.0715","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:A/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.5","cvss_environmentalscore":"7.5","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":1.5435,"vulnote":null}