Details of VAR-201511-0275

ID

VAR-201511-0275

CVE

CVE-2015-7845

TITLE

plural Huawei eSpace Unified Gateway Software CLI Service disruption in module exception handling mechanism (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005995

DESCRIPTION

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. Huawei eSpace U1910, eSpace U1911, eSpace U1930, eSpace U1960, eSpace U1980, and eSpace U1981 are Huawei eSpace U1900 series switches. Remote attackers can send denial-of-service attacks by sending specially crafted SSH packets. The following products and versions are affected: Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 using V100R001C20 software

Trust: 2.52

sources: NVD: CVE-2015-7845 // JVNDB: JVNDB-2015-005995 // CNVD: CNVD-2015-07756 // IVD: 6e8180ba-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-85806 // VULMON: CVE-2015-7845

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 6e8180ba-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07756

AFFECTED PRODUCTS

vendor:	huawei	model:	espace	scope:	lte	version:	v100r001c20	Trust: 1.0
vendor:	huawei	model:	espace u1910 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1911 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1930 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1960 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1980 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace u1981 unified gateway	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	espace	scope:	lt	version:	v100r001c20sph605	Trust: 0.8
vendor:	huawei	model:	espace u1981	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1980	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1960	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1930	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1911	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace u1910	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace	scope:	eq	version:	v100r001c20	Trust: 0.6
vendor:	espace	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 6e8180ba-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07756 // JVNDB: JVNDB-2015-005995 // CNNVD: CNNVD-201511-333 // NVD: CVE-2015-7845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7845
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7845
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07756
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201511-333
value:	MEDIUM
Trust: 0.6
IVD:	6e8180ba-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-85806
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-7845
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7845
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-07756
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6e8180ba-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-85806
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 6e8180ba-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07756 // VULHUB: VHN-85806 // VULMON: CVE-2015-7845 // JVNDB: JVNDB-2015-005995 // CNNVD: CNNVD-201511-333 // NVD: CVE-2015-7845

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-85806 // JVNDB: JVNDB-2015-005995 // NVD: CVE-2015-7845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-333

TYPE

Input validation

Trust: 0.8

sources: IVD: 6e8180ba-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201511-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005995

PATCH

title:	Huawei-SA-20150909-01-U1900	url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453512.htm	Trust: 0.8
title:	Patches for multiple Huawei eSpace switch denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/67071	Trust: 0.6
title:	Multiple Huawei eSpace Repair measures for switch denial of service vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58807	Trust: 0.6

sources: CNVD: CNVD-2015-07756 // JVNDB: JVNDB-2015-005995 // CNNVD: CNNVD-201511-333

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7845	Trust: 3.4
db:	CNNVD	id:	CNNVD-201511-333	Trust: 0.9
db:	CNVD	id:	CNVD-2015-07756	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005995	Trust: 0.8
db:	NSFOCUS	id:	31603	Trust: 0.6
db:	IVD	id:	6E8180BA-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-89904	Trust: 0.1
db:	VULHUB	id:	VHN-85806	Trust: 0.1
db:	VULMON	id:	CVE-2015-7845	Trust: 0.1

REFERENCES

url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453512.htm	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7845	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7845	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/31603	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-07756 // VULHUB: VHN-85806 // VULMON: CVE-2015-7845 // JVNDB: JVNDB-2015-005995 // CNNVD: CNNVD-201511-333 // NVD: CVE-2015-7845

SOURCES

db:	IVD	id:	6e8180ba-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-07756
db:	VULHUB	id:	VHN-85806
db:	VULMON	id:	CVE-2015-7845
db:	JVNDB	id:	JVNDB-2015-005995
db:	CNNVD	id:	CNNVD-201511-333
db:	NVD	id:	CVE-2015-7845

LAST UPDATE DATE

2024-11-23T22:01:40.077000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07756	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-85806	date:	2015-11-20T00:00:00
db:	VULMON	id:	CVE-2015-7845	date:	2015-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-005995	date:	2015-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201511-333	date:	2015-11-20T00:00:00
db:	NVD	id:	CVE-2015-7845	date:	2024-11-21T02:37:31.070

SOURCES RELEASE DATE

db:	IVD	id:	6e8180ba-2351-11e6-abef-000c29c66e3d	date:	2015-11-24T00:00:00
db:	CNVD	id:	CNVD-2015-07756	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-85806	date:	2015-11-19T00:00:00
db:	VULMON	id:	CVE-2015-7845	date:	2015-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-005995	date:	2015-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201511-333	date:	2015-11-20T00:00:00
db:	NVD	id:	CVE-2015-7845	date:	2015-11-19T20:59:06.097