CVE-2012-3268
CVE-2012-3268 is a low-severity vulnerability in Hp 0150a129 with a CVSS 2.0 base score of 3.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-522.
Key facts
- Severity: Low (CVSS 2.0 base score 3.5)
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-522
- Affected product: Hp 0150a129
- Published:
- Last modified:
Description
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
Frequently asked questions
- What is CVE-2012-3268?
- Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
- How severe is CVE-2012-3268?
- CVE-2012-3268 has a CVSS 2.0 base score of 3.5, rated low severity.
- Is CVE-2012-3268 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-3268?
- CVE-2012-3268 primarily affects Hp 0150a129. In total, 687 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-3268?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-3268 published?
- CVE-2012-3268 was published on 2013-02-01 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/bugtraq/2012-10/0123.html
- http://grutztopia.jingojango.net/2012/10/hph3c-and-huawei-snmp-weak-access-to.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515685
- http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000001165&idAbsPath=0301_10001&nameAbsPath=Services%2520News
- http://support.huawei.com/support/pages/news/NewsInfoAction.do?doc_id=IN0000054930&colID=ROOTENWEB%7CCO0000000170&actionFlag=view
- http://www.kb.cert.org/vuls/id/225404
- http://www.kb.cert.org/vuls/id/MORO-8ZDJDP
- http://www.securityfocus.com/bid/56183
- http://www.securitytracker.com/id?1027694
Affected products (687)
- cpe:2.3:h:hp:0150a129:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0150a12a:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0150a12b:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0150a12c:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a0av:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a65t:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a761:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a832:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a86p:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a88a:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0231a88l:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a08f:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a08h:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a08k:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a08m:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a09t:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0a7:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0a8:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0as:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0bq:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0br:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0bs:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0bt:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0bu:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0bx:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0c0:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0c2:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0c4:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0ct:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0e3:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0e5:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0e6:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0e7:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g0:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g1:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g2:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g3:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g4:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g5:-:*:*:*:*:*:*:*
- cpe:2.3:h:hp:0235a0g6:-:*:*:*:*:*:*:*
Other CWE-522 (Insufficiently Protected Credentials) vulnerabilities
- CVE-2026-7312 — Critical (CVSS 10.0): CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to…
- CVE-2026-29128 — Critical (CVSS 10.0): IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g.,…
- CVE-2025-54863 — Critical (CVSS 10.0): Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration…
- CVE-2024-12799 — Critical (CVSS 10.0): Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64…
- CVE-2024-51545 — Critical (CVSS 10.0): Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list…
- CVE-2023-1778 — Critical (CVSS 10.0): This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to…
Browse all CWE-522 (Insufficiently Protected Credentials) vulnerabilities →