Sign-up

ID

VAR-201601-0157


CVE

CVE-2015-8673


TITLE

plural Huawei TE Password change vulnerability in product software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006791

DESCRIPTION

Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. Huawei TE30, TE40, TE50, and TE60 are Huawei's integrated HD video conferencing terminal devices that support intelligent voice calls and Wi-Fi wireless interconnection. Multiple Huawei TE products are prone to a denial-of-service vulnerability and a security-bypass vulnerability. Attackers can exploit these issues to perform denial-of-service attacks or bypass certain security restrictions; this will aid in further attacks. There are security vulnerabilities in several Huawei products. An attacker in close physical proximity could exploit this vulnerability to change passwords. The following products and versions are affected: Huawei TE30, TE40, TE50, and TE60 using software versions earlier than V100R001C10SPC100

Trust: 2.52

sources: NVD: CVE-2015-8673 // JVNDB: JVNDB-2015-006791 // CNVD: CNVD-2016-00294 // BID: 77829 // VULHUB: VHN-86634

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00294

AFFECTED PRODUCTS

vendor:huaweimodel:te50scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:te60scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:te40scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:te30scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:te30scope: - version: -

Trust: 1.4

vendor:huaweimodel:te40scope: - version: -

Trust: 1.4

vendor:huaweimodel:te50scope: - version: -

Trust: 1.4

vendor:huaweimodel:te60scope: - version: -

Trust: 1.4

vendor:huaweimodel:te60scope:lteversion:v100r001c10b022

Trust: 1.0

vendor:huaweimodel:te60scope:ltversion:v100r001c10spc100

Trust: 0.8

vendor:huaweimodel:te60scope:eqversion:v100r001c10b022

Trust: 0.6

sources: CNVD: CNVD-2016-00294 // JVNDB: JVNDB-2015-006791 // CNNVD: CNNVD-201601-196 // NVD: CVE-2015-8673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8673
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8673
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00294
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-196
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86634
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8673
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00294
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86634
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8673
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00294 // VULHUB: VHN-86634 // JVNDB: JVNDB-2015-006791 // CNNVD: CNNVD-201601-196 // NVD: CVE-2015-8673

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-86634 // JVNDB: JVNDB-2015-006791 // NVD: CVE-2015-8673

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201601-196

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201601-196

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006791

PATCH
title:Huawei-SA-20151125-01-TEurl:http://www.huawei.com/en/psirt/security-advisories/hw-462952
Trust: 0.8
title:Patches for various Huawei product password modification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/70126
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59548
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00294 // 
            
            
            
            JVNDB: JVNDB-2015-006791 // 
            
            
            
            CNNVD: CNNVD-201601-196

EXTERNAL IDS
db:NVDid:CVE-2015-8673
Trust: 3.4
db:JVNDBid:JVNDB-2015-006791
Trust: 0.8
db:CNNVDid:CNNVD-201601-196
Trust: 0.7
db:CNVDid:CNVD-2016-00294
Trust: 0.6
db:BIDid:77829
Trust: 0.3
db:VULHUBid:VHN-86634
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-00294 // 
            
            
            
            VULHUB: VHN-86634 // 
            
            
            
            BID: 77829 // 
            
            
            
            JVNDB: JVNDB-2015-006791 // 
            
            
            
            CNNVD: CNNVD-201601-196 // 
            
            
            
            NVD: CVE-2015-8673

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-462952
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8673
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8673
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462952.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-00294 // 
            
            
            
            VULHUB: VHN-86634 // 
            
            
            
            BID: 77829 // 
            
            
            
            JVNDB: JVNDB-2015-006791 // 
            
            
            
            CNNVD: CNNVD-201601-196 // 
            
            
            
            NVD: CVE-2015-8673

CREDITS
Huawei
Trust: 0.3
sources:
            
            
            BID: 77829

SOURCES
db:CNVDid:CNVD-2016-00294
db:VULHUBid:VHN-86634
db:BIDid:77829
db:JVNDBid:JVNDB-2015-006791
db:CNNVDid:CNNVD-201601-196
db:NVDid:CVE-2015-8673

LAST UPDATE DATE
2024-11-23T22:38:46.094000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00294date:2016-01-19T00:00:00
db:VULHUBid:VHN-86634date:2016-01-20T00:00:00
db:BIDid:77829date:2016-01-14T23:58:00
db:JVNDBid:JVNDB-2015-006791date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-196date:2016-01-13T00:00:00
db:NVDid:CVE-2015-8673date:2024-11-21T02:38:56.700

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-00294date:2016-01-19T00:00:00
db:VULHUBid:VHN-86634date:2016-01-12T00:00:00
db:BIDid:77829date:2015-11-25T00:00:00
db:JVNDBid:JVNDB-2015-006791date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-196date:2016-01-13T00:00:00
db:NVDid:CVE-2015-8673date:2016-01-12T20:59:06.560