Lucene search

[email protected]CVE-2014-9691

HistoryApr 02, 2017 - 8:59 p.m.

CVE-2014-9691

2017-04-0220:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-9691

huawei tecal

session ids

online users

web ui

information security

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow users who log in to the products to view the sessions IDs of all online users on the Online Users page of the web UI.

Affected configurations

NVD

Node

huaweitecal_rh1288_v2_firmwareRange≤v100r002c00spc107

AND

huaweitecal_rh1288_v2Match-

Node

huaweitecal_rh2265_v2_firmwareMatchv100r002c00

AND

huaweitecal_rh2265_v2Match-

Node

huaweitecal_rh2285_v2_firmwareRange≤v100r002c00spc115

AND

huaweitecal_rh2285_v2Match-

Node

huaweitecal_rh2265_v2_firmwareMatchv100r002c00

AND

huaweitecal_rh2265_v2Match-

Node

huaweitecal_rh2285h_v2_firmwareRange≤v100r002c00spc111

AND

huaweitecal_rh2285h_v2Match-

Node

huaweitecal_rh2268_v2_firmwareMatchv100r002c00

AND

huaweitecal_rh2268_v2Match-

Node

huaweitecal_rh2288_v2_firmwareRange≤v100r002c00spc117

AND

huaweitecal_rh2288_v2Match-

Node

huaweitecal_rh2288h_v2_firmwareRange≤v100r002c00spc115

AND

huaweitecal_rh2288h_v2Match-

Node

huaweitecal_rh2485_v2_firmwareRange≤v100r002c00spc502

AND

huaweitecal_rh2485_v2Match-

Node

huaweitecal_rh5885_v2_firmwareRange≤v100r001c02spc109

AND

huaweitecal_rh5885_v2Match-

Node

huaweitecal_rh5885_v3_firmwareRange≤v100r003c01spc102

AND

huaweitecal_rh5885_v3Match-

Node

huaweitecal_rh5885h_v3_firmwareRange≤v100r003c00spc102

AND

huaweitecal_rh5885h_v3Match-

Node

huaweitecal_xh310_v2_firmwareRange≤v100r001c00spc110

AND

huaweitecal_xh310_v2Match-

Node

huaweitecal_xh311_v2_firmwareRange≤v100r001c00spc110

AND

huaweitecal_xh311_v2Match-

Node

huaweitecal_xh320_v2_firmwareRange≤v100r001c00spc110

AND

huaweitecal_xh320_v2Match-

Node

huaweitecal_xh621_v2_firmwareRange≤v100r001c00spc106

AND

huaweitecal_xh621_v2Match-

Node

huaweitecal_dh310_v2_firmwareRange≤v100r001c00spc110

AND

huaweitecal_dh310_v2Match-

Node

huaweitecal_dh320_v2_firmwareRange≤v100r001c00spc106

AND

huaweitecal_dh320_v2Match-

Node

huaweitecal_dh620_v2_firmwareRange≤v100r001c00spc106

AND

huaweitecal_dh620_v2Match-

Node

huaweitecal_dh621_v2_firmwareRange≤v100r001c00spc107

AND

huaweitecal_dh621_v2Match-

Node

huaweitecal_dh628_v2_firmwareRange≤v100r001c00spc107

AND

huaweitecal_dh628_v2Match-

Node

huaweitecal_bh620_v2_firmwareRange≤v100r002c00spc107

AND

huaweitecal_bh620_v2Match-

Node

huaweitecal_bh621_v2_firmwareRange≤v100r002c00spc106

AND

huaweitecal_bh621_v2Match-

Node

huaweitecal_bh622_v2_firmwareRange≤v100r002c00spc110

AND

huaweitecal_bh622_v2Match-

Node

huaweitecal_bh640_v2_firmwareRange≤v100r002c00spc108

AND

huaweitecal_bh640_v2Match-

Node

huaweitecal_ch121_firmwareRange≤v100r001c00spc180

AND

huaweitecal_ch121Match-

Node

huaweitecal_ch140_firmwareRange≤v100r001c00spc110

AND

huaweitecal_ch140Match-

Node

huaweitecal_ch220_firmwareRange≤v100r001c00spc180

AND

huaweitecal_ch220Match-

Node

huaweitecal_ch221_firmwareRange≤v100r001c00spc180

AND

huaweitecal_ch221Match-

Node

huaweitecal_ch222_firmwareRange≤v100r002c00spc180

AND

huaweitecal_ch222Match-

Node

huaweitecal_ch240_firmwareRange≤v100r001c00spc180

AND

huaweitecal_ch240Match-

Node

huaweitecal_ch242_firmwareRange≤v100r001c00spc180

AND

huaweitecal_ch242Match-

Node

huaweitecal_ch242_v3_firmwareRange≤v100r001c00spc110

AND

huaweitecal_ch242_v3Match-

CPENameOperatorVersion
huawei:tecal_rh1288_v2_firmwarehuawei tecal rh1288 v2 firmwarelev100r002c00spc107

CPE	Name	Operator	Version
huawei:tecal_rh1288_v2_firmware	huawei tecal rh1288 v2 firmware	le	v100r002c00spc107

CNA Affected

[
  {
    "product": "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier versions,Tecal RH5885H V3 V100R003C00SPC102 and earlier versions,Tecal XH310 V2 V100R001C00SPC110 and earlier versions,Tecal XH311 V2 V100R001C00SPC110 and earlier versions,Tecal XH320 V2 V100R001C00SPC110 and earlier versions,Tecal XH621 V2 V100R001C00SPC106 and earlier versions,Tecal DH310 V2 V100R001C00SPC110 and earlier versions,Tecal DH320 V2 V100R001C00SPC106 and earlier versions,Tecal DH620 V2 V100R001C00SPC106 and earlier versions,Tecal DH621 V2 V100R001C00SPC107 and earlier versions,Tecal DH628 V2 V100R001C00SPC107 and earlier versions,Tecal BH620 V2 V100R002C00SPC107 and earlier versions,Tecal BH621 V2 V100R002C00SPC106 and earlier versions,Tecal BH622 V2 V100R002C00SPC110 ?and earlier versions,Tecal BH640 V2 V100R002C00SPC108 and earlier versions,Tecal CH121 V100R001C00SPC180 and earlier versions,Tecal CH140 V100R001C00SPC110 and earlier versions,Tecal CH220 V100R001C00SPC180 and earlier versions,Tecal CH221 V100R001C00SPC180 and earlier versions,Tecal CH222 V100R002C00SPC180 and earlier versions,Te ...[truncated*]",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Tecal RH1288 V2,Tecal RH2265 V2,Tecal RH2285 V2,Tecal RH2265 V2,Tecal RH2285H V2,Tecal RH2268 V2,Tecal RH2288 V2,Tecal RH2288H V2,Tecal RH2485 V2,Tecal RH5885 V2,Tecal RH5885 V3,Tecal RH5885H V3,Tecal XH310 V2,Tecal XH311 V2,Tecal XH320 V2,Tecal XH621 V2,Tecal DH310 V2,Tecal DH320 V2,Tecal DH620 V2,Tecal DH621 V2,Tecal DH628 V2,Tecal BH620 V2,Tecal BH621 V2,Tecal BH622 V2,Tecal BH640 V2,Tecal CH121,Tecal CH140,Tecal CH220,Tecal CH221,Tecal CH222,Tecal CH240,Tecal CH242,Tecal CH242 V3, Tecal RH1288 V2 V100R002C00SPC107 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285 V2 V100R002C00SPC115 and earlier versions,Tecal RH2265 V2 V100R002C00,Tecal RH2285H V2 V100R002C00SPC111 and earlier versions,Tecal RH2268 V2 V100R002C00,Tecal RH2288 V2 V100R002C00SPC117 and earlier versions,Tecal RH2288H V2 V100R002C00SPC115 and earlier versions,Tecal RH2485 V2 V100R002C00SPC502 and earlier versions,Tecal RH5885 V2 V100R001C02SPC109 and earlier versions,Tecal RH5885 V3 V100R003C01SPC102 and earlier v ...[truncated*]"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/hw-408100

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVE-2014-9691

cvelist1 nvd1 prion1 huawei1