Sign-up

ID

VAR-201601-0156


CVE

CVE-2015-8672


TITLE

plural Huawei TE Denial of service operation in the product software presentation transmission right management mechanism (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006790

DESCRIPTION

The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlService disruption by a third party due to problems with wireless presentation ( Stop wired presentation ) There is a possibility of being put into a state. Huawei TE30, TE40, TE50, and TE60 are Huawei's integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. A security vulnerability exists in the presentationtransmissionpermissionmanage mechanism of the HuaweiTE30, TE40, TE50, and TE60Debug accounts, allowing remote attackers to exploit the vulnerability for denial of service attacks. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100

Trust: 2.52

sources: NVD: CVE-2015-8672 // JVNDB: JVNDB-2015-006790 // CNVD: CNVD-2016-00293 // BID: 77829 // VULHUB: VHN-86633

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00293

AFFECTED PRODUCTS

vendor:huaweimodel:te30scope: - version: -

Trust: 1.4

vendor:huaweimodel:te40scope: - version: -

Trust: 1.4

vendor:huaweimodel:te50scope: - version: -

Trust: 1.4

vendor:huaweimodel:te60scope: - version: -

Trust: 1.4

vendor:huaweimodel:te60scope:lteversion:v100r001c10b022

Trust: 1.0

vendor:huaweimodel:te60scope:ltversion:v100r001c10spc100

Trust: 0.8

vendor:huaweimodel:te60scope:eqversion:v100r001c10b022

Trust: 0.6

sources: CNVD: CNVD-2016-00293 // JVNDB: JVNDB-2015-006790 // CNNVD: CNNVD-201601-195 // NVD: CVE-2015-8672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8672
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8672
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00293
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-195
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86633
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8672
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00293
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86633
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8672
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00293 // VULHUB: VHN-86633 // JVNDB: JVNDB-2015-006790 // CNNVD: CNNVD-201601-195 // NVD: CVE-2015-8672

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-86633 // JVNDB: JVNDB-2015-006790 // NVD: CVE-2015-8672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-195

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201601-195

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006790

PATCH
title:Huawei-SA-20151125-01-TEurl:http://www.huawei.com/en/psirt/security-advisories/hw-462952
Trust: 0.8
title:Patches for multiple Huawei product denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/70125
Trust: 0.6
title:Multiple Huawei Product denial of service vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59547
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00293 // 
            
            
            
            JVNDB: JVNDB-2015-006790 // 
            
            
            
            CNNVD: CNNVD-201601-195

EXTERNAL IDS
db:NVDid:CVE-2015-8672
Trust: 3.4
db:JVNDBid:JVNDB-2015-006790
Trust: 0.8
db:CNNVDid:CNNVD-201601-195
Trust: 0.7
db:CNVDid:CNVD-2016-00293
Trust: 0.6
db:BIDid:77829
Trust: 0.3
db:VULHUBid:VHN-86633
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-00293 // 
            
            
            
            VULHUB: VHN-86633 // 
            
            
            
            BID: 77829 // 
            
            
            
            JVNDB: JVNDB-2015-006790 // 
            
            
            
            CNNVD: CNNVD-201601-195 // 
            
            
            
            NVD: CVE-2015-8672

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-462952
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8672
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8672
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462952.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-00293 // 
            
            
            
            VULHUB: VHN-86633 // 
            
            
            
            BID: 77829 // 
            
            
            
            JVNDB: JVNDB-2015-006790 // 
            
            
            
            CNNVD: CNNVD-201601-195 // 
            
            
            
            NVD: CVE-2015-8672

CREDITS
Huawei
Trust: 0.3
sources:
            
            
            BID: 77829

SOURCES
db:CNVDid:CNVD-2016-00293
db:VULHUBid:VHN-86633
db:BIDid:77829
db:JVNDBid:JVNDB-2015-006790
db:CNNVDid:CNNVD-201601-195
db:NVDid:CVE-2015-8672

LAST UPDATE DATE
2024-11-23T22:38:46.059000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00293date:2016-01-19T00:00:00
db:VULHUBid:VHN-86633date:2016-06-01T00:00:00
db:BIDid:77829date:2016-01-14T23:58:00
db:JVNDBid:JVNDB-2015-006790date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-195date:2016-01-13T00:00:00
db:NVDid:CVE-2015-8672date:2024-11-21T02:38:56.563

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-00293date:2016-01-19T00:00:00
db:VULHUBid:VHN-86633date:2016-01-12T00:00:00
db:BIDid:77829date:2015-11-25T00:00:00
db:JVNDBid:JVNDB-2015-006790date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-195date:2016-01-13T00:00:00
db:NVDid:CVE-2015-8672date:2016-01-12T20:59:05.637