Details of VAR-201711-0960

ID

VAR-201711-0960

CVE

CVE-2017-8122

TITLE

UMA Vulnerabilities related to authorization, authority, and access control in product software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010635

DESCRIPTION

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. UMA Product software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Unified Maintenance Audit (UMA) system is prone to a local privilege-escalation vulnerability. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001

Trust: 1.98

sources: NVD: CVE-2017-8122 // JVNDB: JVNDB-2017-010635 // BID: 101961 // VULHUB: VHN-116325

AFFECTED PRODUCTS

vendor:	huawei	model:	uma	scope:	eq	version:	v200r001	Trust: 1.6
vendor:	huawei	model:	unified maintenance and audit	scope:	eq	version:	v200r001	Trust: 0.8
vendor:	huawei	model:	uma v300r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	uma v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	uma v200r001c00cp0002	scope:	ne	version:	-	Trust: 0.3

sources: BID: 101961 // JVNDB: JVNDB-2017-010635 // CNNVD: CNNVD-201711-993 // NVD: CVE-2017-8122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8122
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-8122
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201711-993
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-116325
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-8122
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-116325
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8122
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-116325 // JVNDB: JVNDB-2017-010635 // CNNVD: CNNVD-201711-993 // NVD: CVE-2017-8122

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-116325 // JVNDB: JVNDB-2017-010635 // NVD: CVE-2017-8122

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-993

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-993

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010635

PATCH

title:	huawei-sa-20170612-01-uma	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en	Trust: 0.8
title:	Huawei UMA Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76703	Trust: 0.6

sources: JVNDB: JVNDB-2017-010635 // CNNVD: CNNVD-201711-993

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8122	Trust: 2.8
db:	BID	id:	101961	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-010635	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-993	Trust: 0.7
db:	VULHUB	id:	VHN-116325	Trust: 0.1

sources: VULHUB: VHN-116325 // BID: 101961 // JVNDB: JVNDB-2017-010635 // CNNVD: CNNVD-201711-993 // NVD: CVE-2017-8122

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/101961	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8122	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8122	Trust: 0.8
url:	http://www.huawei.com/en/	Trust: 0.3

sources: VULHUB: VHN-116325 // BID: 101961 // JVNDB: JVNDB-2017-010635 // CNNVD: CNNVD-201711-993 // NVD: CVE-2017-8122

CREDITS

Huawei.

Trust: 0.3

sources: BID: 101961

SOURCES

db:	VULHUB	id:	VHN-116325
db:	BID	id:	101961
db:	JVNDB	id:	JVNDB-2017-010635
db:	CNNVD	id:	CNNVD-201711-993
db:	NVD	id:	CVE-2017-8122

LAST UPDATE DATE

2024-11-23T21:53:33.627000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-116325	date:	2019-10-03T00:00:00
db:	BID	id:	101961	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010635	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-993	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-8122	date:	2024-11-21T03:33:21.990

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-116325	date:	2017-11-22T00:00:00
db:	BID	id:	101961	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010635	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201711-993	date:	2017-11-23T00:00:00
db:	NVD	id:	CVE-2017-8122	date:	2017-11-22T19:29:02.317