Details of VAR-201709-0089

ID

VAR-201709-0089

CVE

CVE-2015-7846

TITLE

plural Huawei Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2015-007987

DESCRIPTION

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. plural Huawei The product contains an information disclosure vulnerability.Information may be obtained. Huawei S7700 is a product of China Huawei. The Huawei S7700, S9700, and S9300 are intelligent routing switches. Huawei AR200, AR1200, AR2200, and AR3200 are multi-service routers for enterprises. Multiple Huawei products are prone to a local information-disclosure vulnerability. Several Huawei products have security vulnerabilities. The following products and versions are affected: Huawei S7700 V200R005C20SPC200 previous version; S9700 V200R005C20SPC200 previous version; S9300 V200R005C20SPC200 previous version; AR200 V200R005C20SPC200 Version; AR1200 V200R005C20SPC200 Version; AR2200 V200R005C20SPC200 Version; AR3200 V200R005C20SPC200 Version

Trust: 2.52

sources: NVD: CVE-2015-7846 // JVNDB: JVNDB-2015-007987 // CNVD: CNVD-2015-07754 // BID: 76173 // VULHUB: VHN-85807

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07754

AFFECTED PRODUCTS

vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc500	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc800	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc200	Trust: 1.6
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc800	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc100	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c00spc200	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc900	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc300	Trust: 1.6
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c01spc600	Trust: 1.6
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r003c00spc500	Trust: 1.6
vendor:	huawei	model:	s9300	scope:	-	version:	-	Trust: 1.4
vendor:	huawei	model:	s7700	scope:	-	version:	-	Trust: 1.4
vendor:	huawei	model:	s9700	scope:	-	version:	-	Trust: 1.4
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r002c00spc100	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c00spc200	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc600	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r005c00spc300	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r003c00spc500	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c00spc100	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc200	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r006c00spc300	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc900	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r002c00spc100	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r006c00spc500	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc300	Trust: 1.0
vendor:	huawei	model:	ar3200	scope:	eq	version:	v200r003c00spc100	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc800	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc500	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc100	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r001c00spc300	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c00spc200	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc200	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc900	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r005c00spc300	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r006c00spc300	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r001c00spc300	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc300	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc600	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r001c00spc300	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r006c00spc500	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c00spc100	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc500	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r005c00spc300	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r006c00spc300	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc200	Trust: 1.0
vendor:	huawei	model:	s9300	scope:	eq	version:	v200r006c00spc500	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r002c00spc100	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc100	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc300	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc800	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c00spc200	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc600	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	eq	version:	v200r003c01spc900	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c00spc100	Trust: 1.0
vendor:	huawei	model:	ar2200	scope:	eq	version:	v200r003c01spc500	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r003c00spc500	Trust: 1.0
vendor:	huawei	model:	ar200	scope:	eq	version:	v200r003c01spc100	Trust: 1.0
vendor:	huawei	model:	ar1200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar2200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar3200	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ar	scope:	eq	version:	200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	1200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	2200	Trust: 0.6
vendor:	huawei	model:	ar	scope:	eq	version:	3200	Trust: 0.6

sources: CNVD: CNVD-2015-07754 // JVNDB: JVNDB-2015-007987 // CNNVD: CNNVD-201511-303 // NVD: CVE-2015-7846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7846
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7846
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-07754
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201511-303
value:	LOW
Trust: 0.6
VULHUB:	VHN-85807
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-7846
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07754
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85807
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7846
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2015-07754 // VULHUB: VHN-85807 // JVNDB: JVNDB-2015-007987 // CNNVD: CNNVD-201511-303 // NVD: CVE-2015-7846

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-85807 // JVNDB: JVNDB-2015-007987 // NVD: CVE-2015-7846

THREAT TYPE

local

Trust: 0.9

sources: BID: 76173 // CNNVD: CNNVD-201511-303

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201511-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007987

PATCH

title:	Huawei-SA-20150805-01-VRP	url:	http://www.huawei.com/en/psirt/security-advisories/hw-446634	Trust: 0.8
title:	Patches for multiple Huawei router information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/67061	Trust: 0.6

sources: CNVD: CNVD-2015-07754 // JVNDB: JVNDB-2015-007987

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7846	Trust: 3.4
db:	BID	id:	76173	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-007987	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-303	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07754	Trust: 0.6
db:	SEEBUG	id:	SSVID-89913	Trust: 0.1
db:	VULHUB	id:	VHN-85807	Trust: 0.1

sources: CNVD: CNVD-2015-07754 // VULHUB: VHN-85807 // BID: 76173 // JVNDB: JVNDB-2015-007987 // CNNVD: CNNVD-201511-303 // NVD: CVE-2015-7846

REFERENCES

url:	http://www.securityfocus.com/bid/76173	Trust: 2.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446634.htm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7846	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7846	Trust: 0.8

sources: CNVD: CNVD-2015-07754 // VULHUB: VHN-85807 // JVNDB: JVNDB-2015-007987 // CNNVD: CNNVD-201511-303 // NVD: CVE-2015-7846

CREDITS

Mickey Shkatov from Intel Advanced Threat Research Team and Jesse Michael from Intel.

Trust: 0.9

sources: BID: 76173 // CNNVD: CNNVD-201511-303

SOURCES

db:	CNVD	id:	CNVD-2015-07754
db:	VULHUB	id:	VHN-85807
db:	BID	id:	76173
db:	JVNDB	id:	JVNDB-2015-007987
db:	CNNVD	id:	CNNVD-201511-303
db:	NVD	id:	CVE-2015-7846

LAST UPDATE DATE

2024-11-23T23:02:22.122000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07754	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-85807	date:	2017-10-10T00:00:00
db:	BID	id:	76173	date:	2015-12-07T22:16:00
db:	JVNDB	id:	JVNDB-2015-007987	date:	2017-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201511-303	date:	2015-11-19T00:00:00
db:	NVD	id:	CVE-2015-7846	date:	2024-11-21T02:37:31.203

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07754	date:	2015-11-24T00:00:00
db:	VULHUB	id:	VHN-85807	date:	2017-09-25T00:00:00
db:	BID	id:	76173	date:	2015-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-007987	date:	2017-10-23T00:00:00
db:	CNNVD	id:	CNNVD-201511-303	date:	2015-08-05T00:00:00
db:	NVD	id:	CVE-2015-7846	date:	2017-09-25T21:29:00.867