Sign-up

ID

VAR-201706-0187


CVE

CVE-2015-2800


TITLE

plural Huawei Campus Service operation interruption in user authentication module of switch products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007609

DESCRIPTION

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. Huawei Campus Series Switches are prone to a denial-of-service vulnerability. Attackers can exploit this issue to restart the affected device, denying service to legitimate users. Huawei Campus switches S5700, etc. are all switch products of China's Huawei (Huawei). The user authentication module is a module for user login authentication. The following products and versions are affected: Huawei Campus switches S5700 V200R001SPH012 Version; Campus switches S5300 V200R001SPH012 Version; Campus switches S6300 V200R001SPH012 Version; Campus switches S6700 V200R001SPH012 Version; Campus switches S7700 V200R001SPH012 Version; Campus switches S9300 V200R001SPH012 Version; Campus switches S9700 V200R001SPH012 Version

Trust: 1.98

sources: NVD: CVE-2015-2800 // JVNDB: JVNDB-2015-007609 // BID: 73355 // VULHUB: VHN-80761

AFFECTED PRODUCTS

vendor:huaweimodel:s6300scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s9700scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s9300scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s5700scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s7700scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s5300scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s6700scope:lteversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s5300scope:ltversion:v200r001sph012

Trust: 0.8

vendor:huaweimodel:s5700scope:ltversion:v200r001sph012

Trust: 0.8

vendor:huaweimodel:s6300scope:ltversion:v200r001sph012

Trust: 0.8

vendor:huaweimodel:s6700scope:ltversion:v200r001sph012

Trust: 0.8

vendor:huaweimodel:s7700scope:ltversion:v200r001sph015

Trust: 0.8

vendor:huaweimodel:s9300scope:ltversion:v200r001sph015

Trust: 0.8

vendor:huaweimodel:s9700scope:ltversion:v200r001sph015

Trust: 0.8

vendor:huaweimodel:s5300scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s5700scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s6700scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s9700scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s6300scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s7700scope:eqversion:v200r001c00spc300

Trust: 0.6

vendor:huaweimodel:s9300scope:eqversion:v200r001c00spc300

Trust: 0.6

sources: JVNDB: JVNDB-2015-007609 // CNNVD: CNNVD-201504-531 // NVD: CVE-2015-2800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2800
value: HIGH

Trust: 1.0

NVD: CVE-2015-2800
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-531
value: HIGH

Trust: 0.6

VULHUB: VHN-80761
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2800
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-80761
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-2800
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-80761 // JVNDB: JVNDB-2015-007609 // CNNVD: CNNVD-201504-531 // NVD: CVE-2015-2800

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-80761 // JVNDB: JVNDB-2015-007609 // NVD: CVE-2015-2800

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-531

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201504-531

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007609

PATCH
title:Huawei-SA-20150319-01-Campus switchurl:http://www.huawei.com/en/psirt/security-advisories/hw-418554
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-007609

EXTERNAL IDS
db:NVDid:CVE-2015-2800
Trust: 2.8
db:BIDid:73355
Trust: 2.0
db:JVNDBid:JVNDB-2015-007609
Trust: 0.8
db:CNNVDid:CNNVD-201504-531
Trust: 0.7
db:VULHUBid:VHN-80761
Trust: 0.1
sources:
            
            
            VULHUB: VHN-80761 // 
            
            
            
            BID: 73355 // 
            
            
            
            JVNDB: JVNDB-2015-007609 // 
            
            
            
            CNNVD: CNNVD-201504-531 // 
            
            
            
            NVD: CVE-2015-2800

REFERENCES
url:http://www.securityfocus.com/bid/73355
Trust: 1.7
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2800
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-2800
Trust: 0.8
url:http://www.huawei.com/
Trust: 0.3
url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-418554.htm
Trust: 0.3
sources:
            
            
            VULHUB: VHN-80761 // 
            
            
            
            BID: 73355 // 
            
            
            
            JVNDB: JVNDB-2015-007609 // 
            
            
            
            CNNVD: CNNVD-201504-531 // 
            
            
            
            NVD: CVE-2015-2800

CREDITS
vhunter
Trust: 0.9
sources:
            
            
            BID: 73355 // 
            
            
            
            CNNVD: CNNVD-201504-531

SOURCES
db:VULHUBid:VHN-80761
db:BIDid:73355
db:JVNDBid:JVNDB-2015-007609
db:CNNVDid:CNNVD-201504-531
db:NVDid:CVE-2015-2800

LAST UPDATE DATE
2024-11-23T22:45:39.355000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-80761date:2017-06-20T00:00:00
db:BIDid:73355date:2015-05-07T17:22:00
db:JVNDBid:JVNDB-2015-007609date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201504-531date:2017-06-09T00:00:00
db:NVDid:CVE-2015-2800date:2024-11-21T02:28:06.093

SOURCES RELEASE DATE
db:VULHUBid:VHN-80761date:2017-06-08T00:00:00
db:BIDid:73355date:2015-03-19T00:00:00
db:JVNDBid:JVNDB-2015-007609date:2017-07-07T00:00:00
db:CNNVDid:CNNVD-201504-531date:2015-03-19T00:00:00
db:NVDid:CVE-2015-2800date:2017-06-08T16:29:00.403