Sign-up

ID

VAR-201610-0306


CVE

CVE-2015-8085


TITLE

plural Huawei Vulnerability in obtaining password in product software

Trust: 0.8

sources: JVNDB: JVNDB-2015-007261

DESCRIPTION

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. plural Huawei There is a vulnerability in the product software that can obtain and decrypt passwords. Supplementary information : CWE Vulnerability type by CWE-326: Inadequate Encryption Strength ( Incorrect cipher strength ) Has been identified. http://cwe.mitre.org/data/definitions/326.htmlA remotely authenticated administrator can use a choice of reversible encryption algorithms to obtain and decrypt passwords. Huawei AR Routers is an AR series router product from China Huawei. An information disclosure vulnerability exists in Huawei AR Routers. An attacker could exploit this vulnerability to obtain sensitive information. Huawei AR, etc. are routing switches of China Huawei (Huawei). The following products and versions are affected: Huawei AR V200R001 , V200R002 , V200R003 , V200R005C10 , V200R005C20 , V200R005C30 ; Quidway S9300 V200R003C00SPC500 , V200R002C00SPC100 , V200R001C00SPC300 ; S12700 V200R006C00 , V200R005C00 ; S9300 V200R006C00SPC500 , V200R005C00SPC300 ; Quidway S5300 V200R001C00SPC300

Trust: 2.52

sources: NVD: CVE-2015-8085 // JVNDB: JVNDB-2015-007261 // CNVD: CNVD-2015-07446 // BID: 76897 // VULHUB: VHN-86046

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07446

AFFECTED PRODUCTS

vendor:huaweimodel:s5300scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r001c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r005c00spc300

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r003c00

Trust: 1.6

vendor:huaweimodel:arscope:eqversion:v200r002

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r003

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r005c30

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r003c00spc500

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r005c20

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r002c00spc100

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r001

Trust: 1.0

vendor:huaweimodel:quidway s5300scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:arscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar routerscope:ltversion:v200r007c00spc100

Trust: 0.8

vendor:huaweimodel:quidway s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s5300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:quidway s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s9300scope:ltversion:v200r009c00

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope:ltversion:v200r008c00spc500

Trust: 0.8

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope:ltversion:v200r007c00spc500

Trust: 0.8

vendor:huaweimodel:s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:ar routersscope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r006c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s9300 v200r005c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r003c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r002c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r001c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300li v200r006c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r005c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r002c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r003c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r003c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r002c00spc100scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s5300 v200r001c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c30scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r003scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r002scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r001scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r007c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r007c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r008c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r009c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:quidway s5300 v200r007c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:ar v200r007c00spc100scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-07446 // BID: 76897 // JVNDB: JVNDB-2015-007261 // CNNVD: CNNVD-201510-757 // NVD: CVE-2015-8085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8085
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8085
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07446
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-757
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86046
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8085
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86046
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8085
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-07446 // VULHUB: VHN-86046 // JVNDB: JVNDB-2015-007261 // CNNVD: CNNVD-201510-757 // NVD: CVE-2015-8085

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-86046 // JVNDB: JVNDB-2015-007261 // NVD: CVE-2015-8085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-757

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-757

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007261

PATCH
title:Huawei-SA-20150930-01-Routersurl:http://www.huawei.com/en/psirt/security-advisories/hw-455876
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-007261

EXTERNAL IDS
db:NVDid:CVE-2015-8085
Trust: 3.4
db:BIDid:76897
Trust: 2.6
db:JVNDBid:JVNDB-2015-007261
Trust: 0.8
db:CNNVDid:CNNVD-201510-757
Trust: 0.7
db:CNVDid:CNVD-2015-07446
Trust: 0.6
db:SEEBUGid:SSVID-89742
Trust: 0.1
db:VULHUBid:VHN-86046
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07446 // 
            
            
            
            VULHUB: VHN-86046 // 
            
            
            
            BID: 76897 // 
            
            
            
            JVNDB: JVNDB-2015-007261 // 
            
            
            
            CNNVD: CNNVD-201510-757 // 
            
            
            
            NVD: CVE-2015-8085

REFERENCES
url:http://www.securityfocus.com/bid/76897
Trust: 2.3
url:http://www.huawei.com/en/psirt/security-advisories/hw-455876
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8085
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8085
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-455876.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-07446 // 
            
            
            
            VULHUB: VHN-86046 // 
            
            
            
            BID: 76897 // 
            
            
            
            JVNDB: JVNDB-2015-007261 // 
            
            
            
            CNNVD: CNNVD-201510-757 // 
            
            
            
            NVD: CVE-2015-8085

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 76897

SOURCES
db:CNVDid:CNVD-2015-07446
db:VULHUBid:VHN-86046
db:BIDid:76897
db:JVNDBid:JVNDB-2015-007261
db:CNNVDid:CNNVD-201510-757
db:NVDid:CVE-2015-8085

LAST UPDATE DATE
2024-11-23T22:34:47.751000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07446date:2015-11-24T00:00:00
db:VULHUBid:VHN-86046date:2016-11-28T00:00:00
db:BIDid:76897date:2016-09-19T17:00:00
db:JVNDBid:JVNDB-2015-007261date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201510-757date:2016-10-09T00:00:00
db:NVDid:CVE-2015-8085date:2024-11-21T02:37:59.440

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-07446date:2015-11-12T00:00:00
db:VULHUBid:VHN-86046date:2016-10-03T00:00:00
db:BIDid:76897date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-007261date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201510-757date:2015-09-30T00:00:00
db:NVDid:CVE-2015-8085date:2016-10-03T21:59:03.800