ID

VAR-201306-0366


CVE

CVE-2013-4633


TITLE

Huawei Seco Versatile Security Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-003092

DESCRIPTION

Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Huawei Secospace VSM is a secure unified gateway device. The Huawei Secospace VSM lacks the correct verification check for modifying the default user group permissions, allowing the attacker to use the vulnerability to change the default user group permissions and enhance the permissions. Huawei VSM is a security service management system launched by China's Huawei for operators and enterprise customers. Huawei VSM Default User Groups ’has an elevation of privilege vulnerability. An attacker could use this vulnerability to bypass specific security restrictions and further elevate their permissions. This product can manage all of Huawei's security products, truly realizing "network security co-management". There is a vulnerability in Huawei Seco Versatile Security Manager (VSM) v200r002c00spc200 and earlier versions

Trust: 2.79

sources: NVD: CVE-2013-4633 // JVNDB: JVNDB-2013-003092 // CNVD: CNVD-2013-02795 // CNNVD: CNNVD-201304-091 // VULHUB: VHN-64635

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02795

AFFECTED PRODUCTS

vendor:huaweimodel:seco versatile security managerscope:eqversion:v200r002c00

Trust: 2.4

vendor:huaweimodel:seco versatile security managerscope:eqversion:v200r002c00spc100

Trust: 2.4

vendor:huaweimodel:seco versatile security managerscope:eqversion:v200r002c00spc200

Trust: 2.4

vendor:huaweimodel:secospace vsm v200r002c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace vsm v200r002c00spc100scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace vsm v200r002c00spc200scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4633
value: HIGH

Trust: 1.0

NVD: CVE-2013-4633
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02795
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201306-413
value: CRITICAL

Trust: 0.6

VULHUB: VHN-64635
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4633
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02795
severity: HIGH
baseScore: 7.4
vectorString: AV:A/AC:M/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64635
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // NVD: CVE-2013-4633

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201306-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003092

PATCH

title:Huawei-SA-20130403-01-VSMurl:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm

Trust: 0.8

title:Huawei Secospace VSM default user group permission security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/33164

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // JVNDB: JVNDB-2013-003092

EXTERNAL IDS

db:NVDid:CVE-2013-4633

Trust: 2.5

db:BIDid:58869

Trust: 1.3

db:JVNDBid:JVNDB-2013-003092

Trust: 0.8

db:CNNVDid:CNNVD-201306-413

Trust: 0.7

db:CNVDid:CNVD-2013-02795

Trust: 0.6

db:CNNVDid:CNNVD-201304-091

Trust: 0.6

db:VULHUBid:VHN-64635

Trust: 0.1

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

REFERENCES

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4633

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4633

Trust: 0.8

url:http://www.securityfocus.com/bid/58869

Trust: 0.6

sources: CNVD: CNVD-2013-02795 // VULHUB: VHN-64635 // JVNDB: JVNDB-2013-003092 // CNNVD: CNNVD-201304-091 // CNNVD: CNNVD-201306-413 // NVD: CVE-2013-4633

SOURCES

db:CNVDid:CNVD-2013-02795
db:VULHUBid:VHN-64635
db:JVNDBid:JVNDB-2013-003092
db:CNNVDid:CNNVD-201304-091
db:CNNVDid:CNNVD-201306-413
db:NVDid:CVE-2013-4633

LAST UPDATE DATE

2024-11-23T23:09:59.671000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-02795date:2013-05-28T00:00:00
db:VULHUBid:VHN-64635date:2013-06-21T00:00:00
db:JVNDBid:JVNDB-2013-003092date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201304-091date:2013-04-11T00:00:00
db:CNNVDid:CNNVD-201306-413date:2013-06-28T00:00:00
db:NVDid:CVE-2013-4633date:2024-11-21T01:55:58.497

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-02795date:2013-04-09T00:00:00
db:VULHUBid:VHN-64635date:2013-06-20T00:00:00
db:JVNDBid:JVNDB-2013-003092date:2013-06-24T00:00:00
db:CNNVDid:CNNVD-201304-091date:2013-04-11T00:00:00
db:CNNVDid:CNNVD-201306-413date:2013-06-21T00:00:00
db:NVDid:CVE-2013-4633date:2013-06-20T15:55:01.123