ID

VAR-201604-0302


CVE

CVE-2016-2405


TITLE

Vulnerability in Huawei Policy Center software that allows privileges to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2016-002069

DESCRIPTION

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. Huawei Policy Center is policy management center software from China's Huawei. The software provides functions such as visitor management and a personalized Portal login interface. An elevation of privilege vulnerability exists in Huawei Policy Center. An attacker could use this vulnerability to gain elevated permissions and perform unauthorized operations.

Trust: 2.25

sources: NVD: CVE-2016-2405 // JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201602-411 // VULHUB: VHN-91224

AFFECTED PRODUCTS

vendor: huawei, model: policy center, scope: eq, version: v100r003c10

Trust: 1.0

vendor: huawei, model: policy center, scope: -, version: -

Trust: 0.8

vendor: huawei, model: policy center, scope: lt, version: v100r003c10spc020

Trust: 0.8

vendor: huawei, model: policy center, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201604-214 // NVD: CVE-2016-2405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2405
value: HIGH

Trust: 1.0

NVD: CVE-2016-2405
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-214
value: CRITICAL

Trust: 0.6

VULHUB: VHN-91224
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2405
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91224
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2405
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-91224 // JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201604-214 // NVD: CVE-2016-2405

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-91224 // JVNDB: JVNDB-2016-002069 // NVD: CVE-2016-2405

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201604-214 // CNNVD: CNNVD-201602-411

TYPE

permissions and access control

Trust: 1.2

sources: CNNVD: CNNVD-201604-214 // CNNVD: CNNVD-201602-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002069

PATCH

title: huawei-sa-20160217-01-policycenter
url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en

Trust: 0.8

title: Huawei Policy Center remediation measures for denial of service vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60901

Trust: 0.6

sources: JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201604-214

EXTERNAL IDS

db: NVD, id: CVE-2016-2405

Trust: 2.5

db: JVNDB, id: JVNDB-2016-002069

Trust: 0.8

db: BID, id: 83291

Trust: 0.7

db: CNNVD, id: CNNVD-201604-214

Trust: 0.7

db: CNNVD, id: CNNVD-201602-411

Trust: 0.6

db: VULHUB, id: VHN-91224

Trust: 0.1

sources: VULHUB: VHN-91224 // JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201604-214 // CNNVD: CNNVD-201602-411 // NVD: CVE-2016-2405

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-policycenter-en

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2405

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2405

Trust: 0.8

url:http://www.securityfocus.com/bid/83291

Trust: 0.6

sources: VULHUB: VHN-91224 // JVNDB: JVNDB-2016-002069 // CNNVD: CNNVD-201604-214 // CNNVD: CNNVD-201602-411 // NVD: CVE-2016-2405

SOURCES

db: VULHUB, id: VHN-91224
db: JVNDB, id: JVNDB-2016-002069
db: CNNVD, id: CNNVD-201604-214
db: CNNVD, id: CNNVD-201602-411
db: NVD, id: CVE-2016-2405

LAST UPDATE DATE

2024-11-23T22:52:41.156000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-91224, date: 2016-04-14T00:00:00
db: JVNDB, id: JVNDB-2016-002069, date: 2016-04-18T00:00:00
db: CNNVD, id: CNNVD-201604-214, date: 2016-04-13T00:00:00
db: CNNVD, id: CNNVD-201602-411, date: 2016-02-23T00:00:00
db: NVD, id: CVE-2016-2405, date: 2024-11-21T02:48:23.940

SOURCES RELEASE DATE

db: VULHUB, id: VHN-91224, date: 2016-04-12T00:00:00
db: JVNDB, id: JVNDB-2016-002069, date: 2016-04-18T00:00:00
db: CNNVD, id: CNNVD-201604-214, date: 2016-04-13T00:00:00
db: CNNVD, id: CNNVD-201602-411, date: 2016-02-23T00:00:00
db: NVD, id: CVE-2016-2405, date: 2016-04-12T17:59:02.293