Sign-up

ID

VAR-201705-2542


CVE

CVE-2015-6586


TITLE

plural Huawei WLAN AC Device software mDNS Vulnerability in module where important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-007570

DESCRIPTION

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. Huawei WLAN AC6005 is a wireless access controller product from China Huawei. An information disclosure vulnerability exists in the mDNS module module of several Huawei WLAN AC products. An attacker could exploit the vulnerability to disclose sensitive information. The following products and versions are affected: WLAN AC6005 V200R005C00, V200R005C10, and V200R006C00 WLAN AC6605 V200R005C00, V200R005C10, and V200R006C00 WLAN ACU2 V200R005C00, V200R005C10, and V200R006C00. mDNS is one of the multicast DNS transmission modules. The vulnerability stems from the fact that the program does not handle mDNS correctly

Trust: 2.52

sources: NVD: CVE-2015-6586 // JVNDB: JVNDB-2015-007570 // CNVD: CNVD-2015-06224 // BID: 76684 // VULHUB: VHN-84547

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06224

AFFECTED PRODUCTS

vendor:huaweimodel:wlan ac6005scope:lteversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:wlan ac6605scope:lteversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:wlan acu2scope:lteversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:wlan ac6605scope:lteversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:wlan acu2scope:lteversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:wlan ac6005scope:lteversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:wlan ac6005scope:lteversion:v200r005c00

Trust: 1.0

vendor:huaweimodel:wlan ac6605scope:lteversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:wlan acu2scope:lteversion:v200r005c10

Trust: 1.0

vendor:huaweimodel:ac6005scope:ltversion:v200r006c00spc100

Trust: 0.8

vendor:huaweimodel:ac6605scope:ltversion:v200r006c00spc100

Trust: 0.8

vendor:huaweimodel:acu2scope:ltversion:v200r006c00spc100

Trust: 0.8

vendor:huaweimodel:wlan ac6005scope: - version: -

Trust: 0.6

vendor:huaweimodel:wlan ac6605scope:eqversion:v200r006c00

Trust: 0.6

vendor:huaweimodel:wlan acu2scope:eqversion:v200r005c00

Trust: 0.6

vendor:huaweimodel:wlan ac6005scope:eqversion:v200r006c00

Trust: 0.6

vendor:huaweimodel:wlan ac6605scope:eqversion:v200r005c10

Trust: 0.6

vendor:huaweimodel:wlan ac6005scope:eqversion:v200r005c10

Trust: 0.6

vendor:huaweimodel:wlan acu2scope:eqversion:v200r006c00

Trust: 0.6

vendor:huaweimodel:wlan ac6605scope:eqversion:v200r005c00

Trust: 0.6

vendor:huaweimodel:wlan acu2scope:eqversion:v200r005c10

Trust: 0.6

vendor:huaweimodel:wlan ac6005scope:eqversion:v200r005c00

Trust: 0.6

vendor:huaweimodel:wlan acu2 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan acu2 v200r005c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan acu2 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6605 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6605 v200r005c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6605 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6005 v200r006c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6005 v200r005c10scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan ac6005 v200r005c00scope: - version: -

Trust: 0.3

vendor:huaweimodel:wlan acu2 v200r006c00spc100scope:neversion: -

Trust: 0.3

vendor:huaweimodel:wlan ac6605 v200r006c00spc100scope:neversion: -

Trust: 0.3

vendor:huaweimodel:wlan ac6005 v200r006c00spc100scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-06224 // BID: 76684 // JVNDB: JVNDB-2015-007570 // CNNVD: CNNVD-201509-272 // NVD: CVE-2015-6586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6586
value: HIGH

Trust: 1.0

NVD: CVE-2015-6586
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06224
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-272
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84547
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6586
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06224
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84547
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6586
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-06224 // VULHUB: VHN-84547 // JVNDB: JVNDB-2015-007570 // CNNVD: CNNVD-201509-272 // NVD: CVE-2015-6586

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84547 // JVNDB: JVNDB-2015-007570 // NVD: CVE-2015-6586

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-272

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-272

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007570

PATCH
title:Huawei-SA-20150909-01-mDNSurl:http://www.huawei.com/en/psirt/security-advisories/hw-453516
Trust: 0.8
title:Patches for various Huawei WLAN AC product information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/64456
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06224 // 
            
            
            
            JVNDB: JVNDB-2015-007570

EXTERNAL IDS
db:NVDid:CVE-2015-6586
Trust: 3.4
db:BIDid:76684
Trust: 2.6
db:JVNDBid:JVNDB-2015-007570
Trust: 0.8
db:CNVDid:CNVD-2015-06224
Trust: 0.6
db:CNNVDid:CNNVD-201509-272
Trust: 0.6
db:VULHUBid:VHN-84547
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-06224 // 
            
            
            
            VULHUB: VHN-84547 // 
            
            
            
            BID: 76684 // 
            
            
            
            JVNDB: JVNDB-2015-007570 // 
            
            
            
            CNNVD: CNNVD-201509-272 // 
            
            
            
            NVD: CVE-2015-6586

REFERENCES
url:http://www.securityfocus.com/bid/76684
Trust: 2.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453516.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6586
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-6586
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453516.htm 
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-06224 // 
            
            
            
            VULHUB: VHN-84547 // 
            
            
            
            BID: 76684 // 
            
            
            
            JVNDB: JVNDB-2015-007570 // 
            
            
            
            CNNVD: CNNVD-201509-272 // 
            
            
            
            NVD: CVE-2015-6586

CREDITS
Chad Seaman
Trust: 0.9
sources:
            
            
            BID: 76684 // 
            
            
            
            CNNVD: CNNVD-201509-272

SOURCES
db:CNVDid:CNVD-2015-06224
db:VULHUBid:VHN-84547
db:BIDid:76684
db:JVNDBid:JVNDB-2015-007570
db:CNNVDid:CNNVD-201509-272
db:NVDid:CVE-2015-6586

LAST UPDATE DATE
2024-11-23T22:26:46.634000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-06224date:2015-09-25T00:00:00
db:VULHUBid:VHN-84547date:2017-06-07T00:00:00
db:BIDid:76684date:2015-09-09T00:00:00
db:JVNDBid:JVNDB-2015-007570date:2017-06-26T00:00:00
db:CNNVDid:CNNVD-201509-272date:2017-05-31T00:00:00
db:NVDid:CVE-2015-6586date:2024-11-21T02:35:15.707

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-06224date:2015-09-25T00:00:00
db:VULHUBid:VHN-84547date:2017-05-23T00:00:00
db:BIDid:76684date:2015-09-09T00:00:00
db:JVNDBid:JVNDB-2015-007570date:2017-06-26T00:00:00
db:CNNVDid:CNNVD-201509-272date:2015-09-18T00:00:00
db:NVDid:CVE-2015-6586date:2017-05-23T04:29:00.963