Details of VAR-201609-0488

ID

VAR-201609-0488

CVE

CVE-2016-7108

TITLE

Huawei Unified Maintenance Audit Any user password in MD5 Vulnerabilities that can be hashed

Trust: 0.8

sources: JVNDB: JVNDB-2016-004570

DESCRIPTION

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. Huawei UMA is prone to a security-bypass vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks. Huawei Unified Maintenance Audit (UMA) is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit. Information disclosure vulnerabilities exist in Huawei UMA V200R001C00SPC200 and earlier versions

Trust: 1.98

sources: NVD: CVE-2016-7108 // JVNDB: JVNDB-2016-004570 // BID: 92619 // VULHUB: VHN-95928

AFFECTED PRODUCTS

vendor:	huawei	model:	uma	scope:	lte	version:	v200r001c00spc200	Trust: 1.0
vendor:	huawei	model:	unified maintenance and audit	scope:	lt	version:	v200r001c00spc200 sph206	Trust: 0.8
vendor:	huawei	model:	uma	scope:	eq	version:	v200r001c00spc200	Trust: 0.6
vendor:	huawei	model:	uma v200r001c00spc200	scope:	-	version:	-	Trust: 0.3

sources: BID: 92619 // JVNDB: JVNDB-2016-004570 // CNNVD: CNNVD-201608-520 // NVD: CVE-2016-7108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7108
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7108
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201608-520
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95928
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7108
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95928
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7108
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95928 // JVNDB: JVNDB-2016-004570 // CNNVD: CNNVD-201608-520 // NVD: CVE-2016-7108

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-95928 // JVNDB: JVNDB-2016-004570 // NVD: CVE-2016-7108

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-520

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-520

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004570

PATCH

title:	huawei-sa-20160824-02-uma	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en	Trust: 0.8
title:	Huawei UMA Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63819	Trust: 0.6

sources: JVNDB: JVNDB-2016-004570 // CNNVD: CNNVD-201608-520

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7108	Trust: 2.8
db:	BID	id:	92619	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-004570	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-520	Trust: 0.7
db:	NSFOCUS	id:	34740	Trust: 0.6
db:	VULHUB	id:	VHN-95928	Trust: 0.1

sources: VULHUB: VHN-95928 // BID: 92619 // JVNDB: JVNDB-2016-004570 // CNNVD: CNNVD-201608-520 // NVD: CVE-2016-7108

REFERENCES

url:	http://www.securityfocus.com/bid/92619	Trust: 1.7
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7108	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7108	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/34740	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-uma-en	Trust: 0.3

sources: VULHUB: VHN-95928 // BID: 92619 // JVNDB: JVNDB-2016-004570 // CNNVD: CNNVD-201608-520 // NVD: CVE-2016-7108

CREDITS

Third Research Institute of Ministry of Public Security.

Trust: 0.9

sources: BID: 92619 // CNNVD: CNNVD-201608-520

SOURCES

db:	VULHUB	id:	VHN-95928
db:	BID	id:	92619
db:	JVNDB	id:	JVNDB-2016-004570
db:	CNNVD	id:	CNNVD-201608-520
db:	NVD	id:	CVE-2016-7108

LAST UPDATE DATE

2024-11-23T21:42:45.884000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95928	date:	2016-09-08T00:00:00
db:	BID	id:	92619	date:	2016-08-30T19:00:00
db:	JVNDB	id:	JVNDB-2016-004570	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-520	date:	2016-09-08T00:00:00
db:	NVD	id:	CVE-2016-7108	date:	2024-11-21T02:57:28.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95928	date:	2016-09-07T00:00:00
db:	BID	id:	92619	date:	2016-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2016-004570	date:	2016-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201608-520	date:	2016-08-31T00:00:00
db:	NVD	id:	CVE-2016-7108	date:	2016-09-07T19:28:23.677