ID

VAR-201609-0490


CVE

CVE-2016-7110


TITLE

Arbitrary command execution vulnerability in Huawei Unified Maintenance Audit

Trust: 0.8

sources: JVNDB: JVNDB-2016-004568

DESCRIPTION

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.

Huawei UMA is prone to multiple command-injection vulnerabilities. Attackers can exploit these issues to obtain sensitive information or execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Versions prior to UMA V200R001C00SPC200 are vulnerable.

Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the UMA platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. A remote attacker can use specially crafted characters to exploit this vulnerability to obtain sensitive information from the device or modify device data, causing the device to fail.

Trust: 2.07

sources: NVD: CVE-2016-7110 // JVNDB: JVNDB-2016-004568 // BID: 92617 // VULHUB: VHN-95930 // VULMON: CVE-2016-7110

AFFECTED PRODUCTS

vendor: huawei, model: uma, scope: lte, version: v200r001c00spc100

Trust: 1.0

vendor: huawei, model: unified maintenance and audit, scope: lt, version: v200r001c00spc200

Trust: 0.8

vendor: huawei, model: uma, scope: eq, version: v200r001c00spc100

Trust: 0.6

vendor: huawei, model: uma v200r001c00spc100, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v200r001, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v100r001, scope: -, version: -

Trust: 0.3

vendor: huawei, model: uma v200r001c00spc200, scope: ne, version: -

Trust: 0.3

sources: BID: 92617 // JVNDB: JVNDB-2016-004568 // CNNVD: CNNVD-201608-522 // NVD: CVE-2016-7110

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-7110
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-7110
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201608-522
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95930
value: HIGH

Trust: 0.1

VULMON: CVE-2016-7110
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-7110
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95930
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-7110
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95930 // VULMON: CVE-2016-7110 // JVNDB: JVNDB-2016-004568 // CNNVD: CNNVD-201608-522 // NVD: CVE-2016-7110

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-95930 // JVNDB: JVNDB-2016-004568 // NVD: CVE-2016-7110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-522

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201608-522

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004568

PATCH

title: huawei-sa-20160824-01-uma, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en

Trust: 0.8

title: Huawei UMA Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63821

Trust: 0.6

sources: JVNDB: JVNDB-2016-004568 // CNNVD: CNNVD-201608-522

EXTERNAL IDS

db: NVD, id: CVE-2016-7110

Trust: 2.9

db: BID, id: 92617

Trust: 2.1

db: JVNDB, id: JVNDB-2016-004568

Trust: 0.8

db: CNNVD, id: CNNVD-201608-522

Trust: 0.7

db: NSFOCUS, id: 34734

Trust: 0.6

db: VULHUB, id: VHN-95930

Trust: 0.1

db: VULMON, id: CVE-2016-7110

Trust: 0.1

sources: VULHUB: VHN-95930 // VULMON: CVE-2016-7110 // BID: 92617 // JVNDB: JVNDB-2016-004568 // CNNVD: CNNVD-201608-522 // NVD: CVE-2016-7110

REFERENCES

url:http://www.securityfocus.com/bid/92617

Trust: 1.9

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7110

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7110

Trust: 0.8

url:http://www.nsfocus.net/vulndb/34734

Trust: 0.6

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-uma-en

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-95930 // VULMON: CVE-2016-7110 // BID: 92617 // JVNDB: JVNDB-2016-004568 // CNNVD: CNNVD-201608-522 // NVD: CVE-2016-7110

CREDITS

Third Research Institute of Ministry of Public Security.

Trust: 0.9

sources: BID: 92617 // CNNVD: CNNVD-201608-522

SOURCES

db: VULHUB, id: VHN-95930
db: VULMON, id: CVE-2016-7110
db: BID, id: 92617
db: JVNDB, id: JVNDB-2016-004568
db: CNNVD, id: CNNVD-201608-522
db: NVD, id: CVE-2016-7110

LAST UPDATE DATE

2024-11-23T22:30:57.156000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95930, date: 2016-09-08T00:00:00
db: VULMON, id: CVE-2016-7110, date: 2016-09-08T00:00:00
db: BID, id: 92617, date: 2016-08-30T19:00:00
db: JVNDB, id: JVNDB-2016-004568, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-522, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-7110, date: 2024-11-21T02:57:28.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95930, date: 2016-09-07T00:00:00
db: VULMON, id: CVE-2016-7110, date: 2016-09-07T00:00:00
db: BID, id: 92617, date: 2016-08-24T00:00:00
db: JVNDB, id: JVNDB-2016-004568, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-522, date: 2016-08-31T00:00:00
db: NVD, id: CVE-2016-7110, date: 2016-09-07T19:28:25.803