ID

VAR-201609-0487


CVE

CVE-2016-7107


TITLE

Huawei Unified Maintenance Audit Arbitrary user password reset vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004569

DESCRIPTION

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. Huawei UMA is prone to a security-bypass vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks. Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit. A password reset vulnerability exists in Huawei UMA V200R001C00SPC200 and earlier versions.

Trust: 1.98

sources: NVD: CVE-2016-7107 // JVNDB: JVNDB-2016-004569 // BID: 92619 // VULHUB: VHN-95927

AFFECTED PRODUCTS

vendor: huawei, model: uma, scope: lte, version: v200r001c00spc200

Trust: 1.0

vendor: huawei, model: unified maintenance and audit, scope: lt, version: v200r001c00spc200 sph206

Trust: 0.8

vendor: huawei, model: uma, scope: eq, version: v200r001c00spc200

Trust: 0.6

vendor: huawei, model: uma v200r001c00spc200, scope: -, version: -

Trust: 0.3

sources: BID: 92619 // JVNDB: JVNDB-2016-004569 // CNNVD: CNNVD-201608-519 // NVD: CVE-2016-7107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7107
value: HIGH

Trust: 1.0

NVD: CVE-2016-7107
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201608-519
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95927
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7107
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95927 // JVNDB: JVNDB-2016-004569 // CNNVD: CNNVD-201608-519 // NVD: CVE-2016-7107

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-95927 // JVNDB: JVNDB-2016-004569 // NVD: CVE-2016-7107

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-519

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201608-519

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004569

PATCH

title: huawei-sa-20160824-02-uma, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en

Trust: 0.8

title: Huawei UMA Fixes for password reset vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63818

Trust: 0.6

sources: JVNDB: JVNDB-2016-004569 // CNNVD: CNNVD-201608-519

EXTERNAL IDS

db: NVD, id: CVE-2016-7107

Trust: 2.8

db: BID, id: 92619

Trust: 2.0

db: JVNDB, id: JVNDB-2016-004569

Trust: 0.8

db: CNNVD, id: CNNVD-201608-519

Trust: 0.7

db: NSFOCUS, id: 34738

Trust: 0.6

db: VULHUB, id: VHN-95927

Trust: 0.1

sources: VULHUB: VHN-95927 // BID: 92619 // JVNDB: JVNDB-2016-004569 // CNNVD: CNNVD-201608-519 // NVD: CVE-2016-7107

REFERENCES

url:http://www.securityfocus.com/bid/92619

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7107

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7107

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34738

Trust: 0.6

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-uma-en

Trust: 0.3

sources: VULHUB: VHN-95927 // BID: 92619 // JVNDB: JVNDB-2016-004569 // CNNVD: CNNVD-201608-519 // NVD: CVE-2016-7107

CREDITS

Third Research Institute of Ministry of Public Security.

Trust: 0.9

sources: BID: 92619 // CNNVD: CNNVD-201608-519

SOURCES

db: VULHUB, id: VHN-95927
db: BID, id: 92619
db: JVNDB, id: JVNDB-2016-004569
db: CNNVD, id: CNNVD-201608-519
db: NVD, id: CVE-2016-7107

LAST UPDATE DATE

2024-11-23T21:42:45.854000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95927, date: 2016-09-08T00:00:00
db: BID, id: 92619, date: 2016-08-30T19:00:00
db: JVNDB, id: JVNDB-2016-004569, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-519, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-7107, date: 2024-11-21T02:57:28.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95927, date: 2016-09-07T00:00:00
db: BID, id: 92619, date: 2016-08-24T00:00:00
db: JVNDB, id: JVNDB-2016-004569, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-519, date: 2016-08-31T00:00:00
db: NVD, id: CVE-2016-7107, date: 2016-09-07T19:28:22.723