Sign-up

ID

VAR-201601-0158


CVE

CVE-2015-8675


TITLE

Huawei S5300 Vulnerability in the acquisition of important password information in series switch software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006831

DESCRIPTION

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. HuaweiEthernetSwitch is an Ethernet switch product from China Huawei. A security vulnerability exists in HuaweiEthernetSwitch, which allows an attacker to submit a special request for sensitive information. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. There is a security vulnerability in the Huawei S5300 using software versions earlier than V200R005SPH008. The vulnerability stems from the fact that the program does not hide passwords when uploading files

Trust: 2.52

sources: NVD: CVE-2015-8675 // JVNDB: JVNDB-2015-006831 // CNVD: CNVD-2016-00361 // BID: 80359 // VULHUB: VHN-86636

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00361

AFFECTED PRODUCTS

vendor:huaweimodel:s5300scope:eqversion:v200r005c02

Trust: 1.6

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope:ltversion:v200r005sph008

Trust: 0.8

vendor:huaweimodel:ethernet switchesscope: - version: -

Trust: 0.6

vendor:huaweimodel:s5300 v200r005c02scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r005sph008scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-00361 // BID: 80359 // JVNDB: JVNDB-2015-006831 // CNNVD: CNNVD-201601-272 // NVD: CVE-2015-8675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8675
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8675
value: LOW

Trust: 0.8

CNVD: CNVD-2016-00361
value: LOW

Trust: 0.6

CNNVD: CNNVD-201601-272
value: LOW

Trust: 0.6

VULHUB: VHN-86636
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-8675
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00361
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86636
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8675
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00361 // VULHUB: VHN-86636 // JVNDB: JVNDB-2015-006831 // CNNVD: CNNVD-201601-272 // NVD: CVE-2015-8675

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-86636 // JVNDB: JVNDB-2015-006831 // NVD: CVE-2015-8675

THREAT TYPE

local

Trust: 0.9

sources: BID: 80359 // CNNVD: CNNVD-201601-272

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201601-272

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006831

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-86636

PATCH
title:Huawei-SA-20160112-01-Switchurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en
Trust: 0.8
title:HuaweiEthernetSwitch Local Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/70248
Trust: 0.6
title:Huawei S5300 Fixes for local information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59611
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00361 // 
            
            
            
            JVNDB: JVNDB-2015-006831 // 
            
            
            
            CNNVD: CNNVD-201601-272

EXTERNAL IDS
db:NVDid:CVE-2015-8675
Trust: 3.4
db:BIDid:80359
Trust: 1.6
db:JVNDBid:JVNDB-2015-006831
Trust: 0.8
db:CNNVDid:CNNVD-201601-272
Trust: 0.7
db:CNVDid:CNVD-2016-00361
Trust: 0.6
db:VULHUBid:VHN-86636
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-00361 // 
            
            
            
            VULHUB: VHN-86636 // 
            
            
            
            BID: 80359 // 
            
            
            
            JVNDB: JVNDB-2015-006831 // 
            
            
            
            CNNVD: CNNVD-201601-272 // 
            
            
            
            NVD: CVE-2015-8675

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en
Trust: 2.0
url:http://www.securityfocus.com/bid/80359
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8675
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8675
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-00361 // 
            
            
            
            VULHUB: VHN-86636 // 
            
            
            
            BID: 80359 // 
            
            
            
            JVNDB: JVNDB-2015-006831 // 
            
            
            
            CNNVD: CNNVD-201601-272 // 
            
            
            
            NVD: CVE-2015-8675

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 80359

SOURCES
db:CNVDid:CNVD-2016-00361
db:VULHUBid:VHN-86636
db:BIDid:80359
db:JVNDBid:JVNDB-2015-006831
db:CNNVDid:CNNVD-201601-272
db:NVDid:CVE-2015-8675

LAST UPDATE DATE
2024-11-23T22:34:51.582000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00361date:2016-01-20T00:00:00
db:VULHUBid:VHN-86636date:2016-01-21T00:00:00
db:BIDid:80359date:2016-01-12T00:00:00
db:JVNDBid:JVNDB-2015-006831date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-272date:2016-01-18T00:00:00
db:NVDid:CVE-2015-8675date:2024-11-21T02:38:56.850

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-00361date:2016-01-20T00:00:00
db:VULHUBid:VHN-86636date:2016-01-15T00:00:00
db:BIDid:80359date:2016-01-12T00:00:00
db:JVNDBid:JVNDB-2015-006831date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-272date:2016-01-15T00:00:00
db:NVDid:CVE-2015-8675date:2016-01-15T19:59:00.117