Details of VAR-201710-0095

ID

VAR-201710-0095

CVE

CVE-2015-7842

TITLE

plural Huawei FusionServer Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-008026

DESCRIPTION

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. plural Huawei FusionServer Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei FusionServer RH2288 V3 is a server product of Huawei Technologies, China. The Huawei FusionServer product has a security vulnerability that allows remote attackers to submit special requests to change server information. Huawei FusionServer products are prone to multiple security-bypass vulnerabilities and a command-injection vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks or execute arbitrary commands in the context of the application; other attacks may also be possible. The following products and versions are affected: Huawei FusionServer RH2288 V3 , RH2288H V3 and XH628 V3 V100R003C00 Version, FusionServer RH1288 V3 V100R003C00SPC100 Version, FusionServer RH2288A V2 and FusionServer RH1288A V2 V100R002C00 Version, FusionServer RH8100 V3 V100R003C00 Version, FusionServer CH222 V3 , CH220 V3 and CH121 V3 V100R001C00 version

Trust: 2.52

sources: NVD: CVE-2015-7842 // JVNDB: JVNDB-2015-008026 // CNVD: CNVD-2015-07208 // BID: 76836 // VULHUB: VHN-85803

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07208

AFFECTED PRODUCTS

vendor:	huawei	model:	ch121 v3	scope:	lte	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	rh2288a v2	scope:	lte	version:	v100r002c00	Trust: 1.0
vendor:	huawei	model:	rh2288h v3	scope:	lte	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	ch220 v3	scope:	lte	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	rh8100 v3	scope:	lte	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	xh628 v3	scope:	lte	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	rh1288 v3	scope:	lte	version:	v100r003c00spc100	Trust: 1.0
vendor:	huawei	model:	ch222 v3	scope:	lte	version:	v100r001c00	Trust: 1.0
vendor:	huawei	model:	rh1288a v2	scope:	lte	version:	v100r002c00	Trust: 1.0
vendor:	huawei	model:	rh2288 v3	scope:	lte	version:	v100r003c00	Trust: 1.0
vendor:	huawei	model:	fusionserver ch121 v3	scope:	lt	version:	v100r001c00spc161	Trust: 0.8
vendor:	huawei	model:	fusionserver ch220 v3	scope:	lt	version:	v100r001c00spc161	Trust: 0.8
vendor:	huawei	model:	fusionserver ch222 v3	scope:	lt	version:	v100r001c00spc161	Trust: 0.8
vendor:	huawei	model:	fusionserver rh1288 v3	scope:	lt	version:	v100r003c00spc602	Trust: 0.8
vendor:	huawei	model:	fusionserver rh1288a v2	scope:	lt	version:	v100r002c00spc502	Trust: 0.8
vendor:	huawei	model:	fusionserver rh2288 v3	scope:	lt	version:	v100r003c00spc603	Trust: 0.8
vendor:	huawei	model:	fusionserver rh2288a v2	scope:	lt	version:	v100r002c00spc701	Trust: 0.8
vendor:	huawei	model:	fusionserver rh2288h v3	scope:	lt	version:	v100r003c00spc503	Trust: 0.8
vendor:	huawei	model:	fusionserver rh8100 v3	scope:	lt	version:	v100r003c00spc110	Trust: 0.8
vendor:	huawei	model:	fusionserver xh628 v3	scope:	lt	version:	v100r003c00spc602	Trust: 0.8
vendor:	huawei	model:	fusionserver rh2288	scope:	eq	version:	v3	Trust: 0.6
vendor:	huawei	model:	rh8100 v3	scope:	eq	version:	v100r003c00	Trust: 0.6
vendor:	huawei	model:	ch121 v3	scope:	eq	version:	v100r001c00	Trust: 0.6
vendor:	huawei	model:	rh2288 v3	scope:	eq	version:	v100r003c00	Trust: 0.6
vendor:	huawei	model:	xh628 v3	scope:	eq	version:	v100r003c00	Trust: 0.6
vendor:	huawei	model:	ch222 v3	scope:	eq	version:	v100r001c00	Trust: 0.6
vendor:	huawei	model:	ch220 v3	scope:	eq	version:	v100r001c00	Trust: 0.6
vendor:	huawei	model:	rh1288a v2	scope:	eq	version:	v100r002c00	Trust: 0.6
vendor:	huawei	model:	rh2288h v3	scope:	eq	version:	v100r003c00	Trust: 0.6
vendor:	huawei	model:	rh2288a v2	scope:	eq	version:	v100r002c00	Trust: 0.6
vendor:	huawei	model:	rh1288 v3	scope:	eq	version:	v100r003c00spc100	Trust: 0.6

sources: CNVD: CNVD-2015-07208 // JVNDB: JVNDB-2015-008026 // CNNVD: CNNVD-201510-689 // NVD: CVE-2015-7842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7842
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7842
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-07208
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-689
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85803
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7842
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07208
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85803
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7842
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2015-07208 // VULHUB: VHN-85803 // JVNDB: JVNDB-2015-008026 // CNNVD: CNNVD-201510-689 // NVD: CVE-2015-7842

PROBLEMTYPE DATA

problemtype:

CWE-275

Trust: 1.9

sources: VULHUB: VHN-85803 // JVNDB: JVNDB-2015-008026 // NVD: CVE-2015-7842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-689

TYPE

Unknown

Trust: 0.3

sources: BID: 76836

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008026

PATCH

title:	Huawei-SA-20150923-01-FusionServer	url:	http://www.huawei.com/en/psirt/security-advisories/hw-454418	Trust: 0.8
title:	Huawei FusionServer Product Information Change Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/66226	Trust: 0.6

sources: CNVD: CNVD-2015-07208 // JVNDB: JVNDB-2015-008026

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7842	Trust: 3.4
db:	BID	id:	76836	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-008026	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-689	Trust: 0.7
db:	CNVD	id:	CNVD-2015-07208	Trust: 0.6
db:	VULHUB	id:	VHN-85803	Trust: 0.1

sources: CNVD: CNVD-2015-07208 // VULHUB: VHN-85803 // BID: 76836 // JVNDB: JVNDB-2015-008026 // CNNVD: CNNVD-201510-689 // NVD: CVE-2015-7842

REFERENCES

url:	http://www.securityfocus.com/bid/76836	Trust: 2.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7842	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7842	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-456219.htm	Trust: 0.3
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454418.htm	Trust: 0.3

sources: CNVD: CNVD-2015-07208 // VULHUB: VHN-85803 // BID: 76836 // JVNDB: JVNDB-2015-008026 // CNNVD: CNNVD-201510-689 // NVD: CVE-2015-7842

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76836

SOURCES

db:	CNVD	id:	CNVD-2015-07208
db:	VULHUB	id:	VHN-85803
db:	BID	id:	76836
db:	JVNDB	id:	JVNDB-2015-008026
db:	CNNVD	id:	CNNVD-201510-689
db:	NVD	id:	CVE-2015-7842

LAST UPDATE DATE

2024-11-23T21:53:41.562000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07208	date:	2015-11-04T00:00:00
db:	VULHUB	id:	VHN-85803	date:	2017-11-05T00:00:00
db:	BID	id:	76836	date:	2015-11-03T20:11:00
db:	JVNDB	id:	JVNDB-2015-008026	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201510-689	date:	2015-10-29T00:00:00
db:	NVD	id:	CVE-2015-7842	date:	2024-11-21T02:37:30.670

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07208	date:	2015-11-04T00:00:00
db:	VULHUB	id:	VHN-85803	date:	2017-10-10T00:00:00
db:	BID	id:	76836	date:	2015-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-008026	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201510-689	date:	2015-09-23T00:00:00
db:	NVD	id:	CVE-2015-7842	date:	2017-10-10T01:30:20.500