Sign-up

ID

VAR-201711-0955


CVE

CVE-2017-8117


TITLE

UMA Vulnerabilities related to authorization, authority, and access control in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010611

DESCRIPTION

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. UMA Product software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001

Trust: 1.71

sources: NVD: CVE-2017-8117 // JVNDB: JVNDB-2017-010611 // VULHUB: VHN-116320

AFFECTED PRODUCTS

vendor:huaweimodel:umascope:eqversion:v300r001

Trust: 1.6

vendor:huaweimodel:umascope:eqversion:v200r001

Trust: 1.6

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v200r001

Trust: 0.8

vendor:huaweimodel:unified maintenance and auditscope:eqversion:v300r001

Trust: 0.8

sources: JVNDB: JVNDB-2017-010611 // CNNVD: CNNVD-201711-998 // NVD: CVE-2017-8117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8117
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-8117
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-998
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116320
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8117
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116320
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8117
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116320 // JVNDB: JVNDB-2017-010611 // CNNVD: CNNVD-201711-998 // NVD: CVE-2017-8117

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116320 // JVNDB: JVNDB-2017-010611 // NVD: CVE-2017-8117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-998

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-998

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010611

PATCH
title:huawei-sa-20170612-01-umaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 0.8
title:Huawei UMA Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76708
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010611 // 
            
            
            
            CNNVD: CNNVD-201711-998

EXTERNAL IDS
db:NVDid:CVE-2017-8117
Trust: 2.5
db:JVNDBid:JVNDB-2017-010611
Trust: 0.8
db:CNNVDid:CNNVD-201711-998
Trust: 0.7
db:VULHUBid:VHN-116320
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116320 // 
            
            
            
            JVNDB: JVNDB-2017-010611 // 
            
            
            
            CNNVD: CNNVD-201711-998 // 
            
            
            
            NVD: CVE-2017-8117

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8117
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8117
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116320 // 
            
            
            
            JVNDB: JVNDB-2017-010611 // 
            
            
            
            CNNVD: CNNVD-201711-998 // 
            
            
            
            NVD: CVE-2017-8117

SOURCES
db:VULHUBid:VHN-116320
db:JVNDBid:JVNDB-2017-010611
db:CNNVDid:CNNVD-201711-998
db:NVDid:CVE-2017-8117

LAST UPDATE DATE
2024-11-23T22:17:45.581000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116320date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010611date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-998date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8117date:2024-11-21T03:33:21.437

SOURCES RELEASE DATE
db:VULHUBid:VHN-116320date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010611date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-998date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8117date:2017-11-22T19:29:02.100