ID

VAR-201609-0489


CVE

CVE-2016-7109


TITLE

Arbitrary command execution vulnerabilities in Huawei Unified Maintenance Audit

Trust: 0.8

sources: JVNDB: JVNDB-2016-004567

DESCRIPTION

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. Huawei UMA is prone to multiple command-injection vulnerabilities. Attackers can exploit these issues to obtain sensitive information or execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Versions prior to UMA V200R001C00SPC200 are vulnerable. Huawei UMA is a platform that, through centralized management and control of accounts, authentication, authorization and audit of various IT resources, can meet users' needs for IT operation and maintenance management, IT internal control and external audit.

Trust: 1.98

sources: NVD: CVE-2016-7109 // JVNDB: JVNDB-2016-004567 // BID: 92617 // VULHUB: VHN-95929

AFFECTED PRODUCTS

vendor: huawei, model: uma, scope: lte, version: v200r001c00spc100

Trust: 1.0

vendor: huawei, model: unified maintenance and audit, scope: lt, version: v200r001c00spc200

Trust: 0.8

vendor: huawei, model: uma, scope: eq, version: v200r001c00spc100

Trust: 0.6

vendor: huawei, model: uma v200r001c00spc100, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v200r001, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v100r001, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v200r001c00spc200, scope: ne, version: -

Trust: 0.3

sources: BID: 92617 // JVNDB: JVNDB-2016-004567 // CNNVD: CNNVD-201608-521 // NVD: CVE-2016-7109

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-7109
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-7109
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201608-521
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95929
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-7109
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95929
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-7109
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95929 // JVNDB: JVNDB-2016-004567 // CNNVD: CNNVD-201608-521 // NVD: CVE-2016-7109

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-95929 // JVNDB: JVNDB-2016-004567 // NVD: CVE-2016-7109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-521

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201608-521

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004567

PATCH

title: huawei-sa-20160824-01-uma, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en

Trust: 0.8

title: Huawei UMA Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63820

Trust: 0.6

sources: JVNDB: JVNDB-2016-004567 // CNNVD: CNNVD-201608-521

EXTERNAL IDS

db: NVD, id: CVE-2016-7109

Trust: 2.8

db: BID, id: 92617

Trust: 2.0

db: JVNDB, id: JVNDB-2016-004567

Trust: 0.8

db: CNNVD, id: CNNVD-201608-521

Trust: 0.7

db: NSFOCUS, id: 34741

Trust: 0.6

db: VULHUB, id: VHN-95929

Trust: 0.1

sources: VULHUB: VHN-95929 // BID: 92617 // JVNDB: JVNDB-2016-004567 // CNNVD: CNNVD-201608-521 // NVD: CVE-2016-7109

REFERENCES

url:http://www.securityfocus.com/bid/92617

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7109

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7109

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34741

Trust: 0.6

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-uma-en

Trust: 0.3

sources: VULHUB: VHN-95929 // BID: 92617 // JVNDB: JVNDB-2016-004567 // CNNVD: CNNVD-201608-521 // NVD: CVE-2016-7109

CREDITS

Third Research Institute of Ministry of Public Security.

Trust: 0.9

sources: BID: 92617 // CNNVD: CNNVD-201608-521

SOURCES

db: VULHUB, id: VHN-95929
db: BID, id: 92617
db: JVNDB, id: JVNDB-2016-004567
db: CNNVD, id: CNNVD-201608-521
db: NVD, id: CVE-2016-7109

LAST UPDATE DATE

2024-11-23T22:30:57.190000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95929, date: 2016-09-08T00:00:00
db: BID, id: 92617, date: 2016-08-30T19:00:00
db: JVNDB, id: JVNDB-2016-004567, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-521, date: 2016-10-26T00:00:00
db: NVD, id: CVE-2016-7109, date: 2024-11-21T02:57:28.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95929, date: 2016-09-07T00:00:00
db: BID, id: 92617, date: 2016-08-24T00:00:00
db: JVNDB, id: JVNDB-2016-004567, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-521, date: 2016-08-31T00:00:00
db: NVD, id: CVE-2016-7109, date: 2016-09-07T19:28:24.787