Sign-up

ID

VAR-201610-0307


CVE

CVE-2015-8086


TITLE

plural Huawei Vulnerability in obtaining encryption key and ciphertext password in product software

Trust: 0.8

sources: JVNDB: JVNDB-2015-007262

DESCRIPTION

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. plural Huawei There is a vulnerability in the product software that allows the encryption key and ciphertext password to be obtained. Supplementary information : CWE Vulnerability type by CWE-326: Inadequate Encryption Strength ( Incorrect cipher strength ) Has been identified. Huawei AR Routers is an AR series router product from China Huawei. An information disclosure vulnerability exists in Huawei AR Routers. An attacker could exploit this vulnerability to obtain sensitive information. Huawei AR, etc. are routing switches of China Huawei (Huawei). Remote attackers can use the keystore to exploit this vulnerability to gain administrator privileges and crack hard-coded keys and ciphertext passwords. The following products and versions are affected: Huawei AR V200R001 , V200R002 , V200R003 , V200R005C10 , V200R005C20 , V200R005C30 ; Quidway S9300 V200R003C00SPC500 , V200R002C00SPC100 , V200R001C00SPC300 ; S12700 V200R006C00 , V200R005C00 ; S9300 V200R006C00SPC500 , V200R005C00SPC300 ; Quidway S5300 V200R001C00SPC300

Trust: 2.52

sources: NVD: CVE-2015-8086 // JVNDB: JVNDB-2015-007262 // CNVD: CNVD-2015-07446 // BID: 76897 // VULHUB: VHN-86047

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07446

AFFECTED PRODUCTS

vendor:huaweimodel:arscope:eqversion:v200r005c10

Trust: 1.6

vendor:huaweimodel:arscope:eqversion:v200r005c30

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:arscope:eqversion:v200r001

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:s9300scope:eqversion:v200r005c00spc300

Trust: 1.6

vendor:huaweimodel:arscope:eqversion:v200r005c20

Trust: 1.6

vendor:huaweimodel:s5300scope:eqversion:v200r006c00spc500

Trust: 1.6

vendor:huaweimodel:arscope:eqversion:v200r003

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r002c00

Trust: 1.0

vendor:huaweimodel:arscope:eqversion:v200r002

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r003c00spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00

Trust: 1.0

vendor:huaweimodel:quidway s9300scope:eqversion:v200r002c00spc100

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r001c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:quidway s5300scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:arscope: - version: -

Trust: 0.8

vendor:huaweimodel:ar routerscope:ltversion:v200r007c00spc100

Trust: 0.8

vendor:huaweimodel:quidway s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s5300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:quidway s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:quidway s9300scope:ltversion:v200r009c00

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope:ltversion:v200r008c00spc500

Trust: 0.8

vendor:huaweimodel:s5300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope:ltversion:v200r007c00spc500

Trust: 0.8

vendor:huaweimodel:s9300scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9300scope:ltversion:v200r007c00

Trust: 0.8

vendor:huaweimodel:ar routersscope: - version: -

Trust: 0.6

vendor:huaweimodel:s9300 v200r006c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s9300 v200r005c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r003c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r002c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r001c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300li v200r006c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r005c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r002c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r003c00spc500scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r003c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r002c00spc100scope: - version: -

Trust: 0.3

vendor:huaweimodel:quidway s5300 v200r001c00spc300scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c30scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c20scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r005c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r003scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r002scope: - version: -

Trust: 0.3

vendor:huaweimodel:ar v200r001scope: - version: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r007c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s5300 v200r007c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r008c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:quidway s9300 v200r009c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:quidway s5300 v200r007c00scope:neversion: -

Trust: 0.3

vendor:huaweimodel:ar v200r007c00spc100scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-07446 // BID: 76897 // JVNDB: JVNDB-2015-007262 // CNNVD: CNNVD-201511-337 // NVD: CVE-2015-8086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8086
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8086
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-07446
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201511-337
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86047
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8086
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86047
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8086
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-07446 // VULHUB: VHN-86047 // JVNDB: JVNDB-2015-007262 // CNNVD: CNNVD-201511-337 // NVD: CVE-2015-8086

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-86047 // JVNDB: JVNDB-2015-007262 // NVD: CVE-2015-8086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-337

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-337

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007262

PATCH
title:Huawei-SA-20150930-01-Routersurl:http://www.huawei.com/en/psirt/security-advisories/hw-455876
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-007262

EXTERNAL IDS
db:NVDid:CVE-2015-8086
Trust: 3.4
db:BIDid:76897
Trust: 2.6
db:JVNDBid:JVNDB-2015-007262
Trust: 0.8
db:CNNVDid:CNNVD-201511-337
Trust: 0.7
db:CNVDid:CNVD-2015-07446
Trust: 0.6
db:VULHUBid:VHN-86047
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-07446 // 
            
            
            
            VULHUB: VHN-86047 // 
            
            
            
            BID: 76897 // 
            
            
            
            JVNDB: JVNDB-2015-007262 // 
            
            
            
            CNNVD: CNNVD-201511-337 // 
            
            
            
            NVD: CVE-2015-8086

REFERENCES
url:http://www.securityfocus.com/bid/76897
Trust: 2.3
url:http://www.huawei.com/en/psirt/security-advisories/hw-455876
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8086
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8086
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-455876.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-07446 // 
            
            
            
            VULHUB: VHN-86047 // 
            
            
            
            BID: 76897 // 
            
            
            
            JVNDB: JVNDB-2015-007262 // 
            
            
            
            CNNVD: CNNVD-201511-337 // 
            
            
            
            NVD: CVE-2015-8086

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 76897

SOURCES
db:CNVDid:CNVD-2015-07446
db:VULHUBid:VHN-86047
db:BIDid:76897
db:JVNDBid:JVNDB-2015-007262
db:CNNVDid:CNNVD-201511-337
db:NVDid:CVE-2015-8086

LAST UPDATE DATE
2024-11-23T22:34:47.786000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-07446date:2015-11-24T00:00:00
db:VULHUBid:VHN-86047date:2016-11-28T00:00:00
db:BIDid:76897date:2016-09-19T17:00:00
db:JVNDBid:JVNDB-2015-007262date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201511-337date:2016-10-09T00:00:00
db:NVDid:CVE-2015-8086date:2024-11-21T02:37:59.587

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-07446date:2015-11-12T00:00:00
db:VULHUBid:VHN-86047date:2016-10-03T00:00:00
db:BIDid:76897date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-007262date:2016-10-06T00:00:00
db:CNNVDid:CNNVD-201511-337date:2015-09-30T00:00:00
db:NVDid:CVE-2015-8086date:2016-10-03T21:59:04.893