ID

VAR-201306-0366


CVE

CVE-2013-4633


TITLE

Huawei Seco Versatile Security Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-003092

DESCRIPTION

Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Huawei Secospace VSM is a secure unified gateway device. Huawei Secospace VSM lacks a correct verification check on modifications to the default user group permissions, allowing an attacker to change the default user group permissions and escalate privileges. Huawei VSM is a security service management system launched by China's Huawei for operators and enterprise customers. This product can manage all of Huawei's security products, truly realizing "network security co-management". Huawei VSM 'Default User Groups' has an elevation of privilege vulnerability. An attacker could use this vulnerability to bypass specific security restrictions and further elevate their permissions. The vulnerability exists in Huawei Seco Versatile Security Manager (VSM) v200r002c00spc200 and earlier versions.

Trust: 2.79

sources: NVD: CVE-2013-4633 // JVNDB: JVNDB-2013-003092 // CNVD: CNVD-2013-02795 // CNNVD: CNNVD-201304-091 // VULHUB: VHN-64635

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02795

AFFECTED PRODUCTS

vendor: huawei, model: seco versatile security manager, scope: eq, version: v200r002c00

Trust: 2.4

vendor: huawei, model: seco versatile security manager, scope: eq, version: v200r002c00spc100

Trust: 2.4

vendor: huawei, model: seco versatile security manager, scope: eq, version: v200r002c00spc200

Trust: 2.4

vendor: huawei, model: secospace vsm v200r002c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: secospace vsm v200r002c00spc100, scope: -, version: -

Trust: 0.6

vendor: huawei, model: secospace vsm v200r002c00spc200, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4633
value: HIGH

Trust: 1.0

NVD: CVE-2013-4633
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02795
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201306-413
value: CRITICAL

Trust: 0.6

VULHUB: VHN-64635
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4633
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02795
severity: HIGH
baseScore: 7.4
vectorString: AV:A/AC:M/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64635
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // NVD: CVE-2013-4633

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201306-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003092

PATCH

title: Huawei-SA-20130403-01-VSM
url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm

Trust: 0.8

title: Huawei Secospace VSM default user group permission security bypass vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/33164

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // JVNDB: JVNDB-2013-003092

EXTERNAL IDS

db: NVD, id: CVE-2013-4633

Trust: 2.5

db: BID, id: 58869

Trust: 1.3

db: JVNDB, id: JVNDB-2013-003092

Trust: 0.8

db: CNNVD, id: CNNVD-201306-413

Trust: 0.7

db: CNVD, id: CNVD-2013-02795

Trust: 0.6

db: CNNVD, id: CNNVD-201304-091

Trust: 0.6

db: VULHUB, id: VHN-64635

Trust: 0.1

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

REFERENCES

url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4633

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4633

Trust: 0.8

url: http://www.securityfocus.com/bid/58869

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

SOURCES

db: CNVD, id: CNVD-2013-02795
db: VULHUB, id: VHN-64635
db: JVNDB, id: JVNDB-2013-003092
db: CNNVD, id: CNNVD-201304-091
db: CNNVD, id: CNNVD-201306-413
db: NVD, id: CVE-2013-4633

LAST UPDATE DATE

2024-08-14T14:40:25.875000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02795, date: 2013-05-28T00:00:00
db: VULHUB, id: VHN-64635, date: 2013-06-21T00:00:00
db: JVNDB, id: JVNDB-2013-003092, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201304-091, date: 2013-04-11T00:00:00
db: CNNVD, id: CNNVD-201306-413, date: 2013-06-28T00:00:00
db: NVD, id: CVE-2013-4633, date: 2013-06-21T16:39:16.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-02795, date: 2013-04-09T00:00:00
db: VULHUB, id: VHN-64635, date: 2013-06-20T00:00:00
db: JVNDB, id: JVNDB-2013-003092, date: 2013-06-24T00:00:00
db: CNNVD, id: CNNVD-201304-091, date: 2013-04-11T00:00:00
db: CNNVD, id: CNNVD-201306-413, date: 2013-06-21T00:00:00
db: NVD, id: CVE-2013-4633, date: 2013-06-20T15:55:01.123