7.1
CVSSv2

CVE-2004-2691

Published: 31/12/2004 Updated: 29/07/2017
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
VMScore: 750
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version prior to 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.

Affected Products

Vendor Product Versions
3com3c17205-us*
3com3c17210-us*
3comSuperstack 3 Switch4400, 4400 Se

Metasploit Modules

3Com SuperStack Switch Denial of Service

This module causes a temporary denial of service condition against 3Com SuperStack switches. By sending excessive data to the HTTP Management interface, the switch stops responding temporarily. The device does not reset. Tested successfully against a 3300SM firmware v2.66. Reported to affect versions prior to v2.72.

msf > use auxiliary/dos/http/3com_superstack_switch
      msf auxiliary(3com_superstack_switch) > show actions
            ...actions...
      msf auxiliary(3com_superstack_switch) > set ACTION <action-name>
      msf auxiliary(3com_superstack_switch) > show options
            ...show and set options...
      msf auxiliary(3com_superstack_switch) > run