ID

VAR-201602-0081


CVE

CVE-2016-2214


TITLE

Huawei Agile Controller-Campus Software cross-site scripting vulnerability in unspecified portal authentication page

Trust: 0.8

sources: JVNDB: JVNDB-2016-001552

DESCRIPTION

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Huawei Agile Controller-Campus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Huawei Agile Controller-Campus is a multi-service converged, open and compatible controller product from the Chinese company Huawei. This product provides functions such as access control, visitor management, and network-wide security assistance.

Trust: 1.98

sources: NVD: CVE-2016-2214 // JVNDB: JVNDB-2016-001552 // BID: 82485 // VULHUB: VHN-91033

AFFECTED PRODUCTS

vendor: huawei | model: agile controller-campus | scope: eq | version: v100r001c00spc315

Trust: 1.6

vendor: huawei | model: agile controller-campus | scope: lt | version: v100r001c00spc319

Trust: 0.8

sources: JVNDB: JVNDB-2016-001552 // CNNVD: CNNVD-201602-167 // NVD: CVE-2016-2214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2214
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-167
value: MEDIUM

Trust: 0.6

VULHUB: VHN-91033
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2214
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91033
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2214
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-91033 // JVNDB: JVNDB-2016-001552 // CNNVD: CNNVD-201602-167 // NVD: CVE-2016-2214

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-91033 // JVNDB: JVNDB-2016-001552 // NVD: CVE-2016-2214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-167

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-167

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001552

PATCH

title: huawei-sa-20160203-01-agilecontroller | url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en

Trust: 0.8

title: Huawei Agile Controller-Campus Fixes for cross-site scripting vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60113

Trust: 0.6

sources: JVNDB: JVNDB-2016-001552 // CNNVD: CNNVD-201602-167

EXTERNAL IDS

db: NVD | id: CVE-2016-2214

Trust: 2.8

db: JVNDB | id: JVNDB-2016-001552

Trust: 0.8

db: CNNVD | id: CNNVD-201602-167

Trust: 0.7

db: BID | id: 82485

Trust: 0.4

db: VULHUB | id: VHN-91033

Trust: 0.1

sources: VULHUB: VHN-91033 // BID: 82485 // JVNDB: JVNDB-2016-001552 // CNNVD: CNNVD-201602-167 // NVD: CVE-2016-2214

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160203-01-agilecontroller-en

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2214

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2214

Trust: 0.8

url:http://e.huawei.com/en/products/software/sdn-controller/agile-controller-en/campus

Trust: 0.3

sources: VULHUB: VHN-91033 // BID: 82485 // JVNDB: JVNDB-2016-001552 // CNNVD: CNNVD-201602-167 // NVD: CVE-2016-2214

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 82485

SOURCES

db: VULHUB | id: VHN-91033
db: BID | id: 82485
db: JVNDB | id: JVNDB-2016-001552
db: CNNVD | id: CNNVD-201602-167
db: NVD | id: CVE-2016-2214

LAST UPDATE DATE

2024-11-23T22:49:16.196000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-91033 | date: 2016-03-02T00:00:00
db: BID | id: 82485 | date: 2016-07-05T21:22:00
db: JVNDB | id: JVNDB-2016-001552 | date: 2016-03-03T00:00:00
db: CNNVD | id: CNNVD-201602-167 | date: 2016-02-15T00:00:00
db: NVD | id: CVE-2016-2214 | date: 2024-11-21T02:48:03.563

SOURCES RELEASE DATE

db: VULHUB | id: VHN-91033 | date: 2016-02-08T00:00:00
db: BID | id: 82485 | date: 2016-02-03T00:00:00
db: JVNDB | id: JVNDB-2016-001552 | date: 2016-03-03T00:00:00
db: CNNVD | id: CNNVD-201602-167 | date: 2016-02-15T00:00:00
db: NVD | id: CVE-2016-2214 | date: 2016-02-08T19:59:08.813