Lucene search

[email protected]CVE-2015-6586

HistoryMay 23, 2017 - 4:29 a.m.

CVE-2015-6586

2017-05-2304:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-6586

huawei

wlan

ac6005

ac6605

acu2

mdns

vulnerability

remote attackers

sensitive information

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.

Affected configurations

NVD

Node

huaweiwlan_acu2_firmwareRange≤v200r005c00

huaweiwlan_acu2_firmwareRange≤v200r005c10

huaweiwlan_acu2_firmwareRange≤v200r006c00

AND

huaweiwlan_acu2Match-

Node

huaweiwlan_ac6005_firmwareRange≤v200r005c00

huaweiwlan_ac6005_firmwareRange≤v200r005c10

huaweiwlan_ac6005_firmwareRange≤v200r006c00

AND

huaweiwlan_ac6005Match-

Node

huaweiwlan_ac6605_firmwareRange≤v200r005c00

huaweiwlan_ac6605_firmwareRange≤v200r005c10

huaweiwlan_ac6605_firmwareRange≤v200r006c00

AND

huaweiwlan_ac6605Match-

CPENameOperatorVersion
huawei:wlan_acu2_firmwarehuawei wlan acu2 firmwarelev200r005c00
huawei:wlan_acu2_firmwarehuawei wlan acu2 firmwarelev200r005c10
huawei:wlan_acu2_firmwarehuawei wlan acu2 firmwarelev200r006c00

CPE	Name	Operator	Version
huawei:wlan_acu2_firmware	huawei wlan acu2 firmware	le	v200r005c00
huawei:wlan_acu2_firmware	huawei wlan acu2 firmware	le	v200r005c10
huawei:wlan_acu2_firmware	huawei wlan acu2 firmware	le	v200r006c00

References

www.securityfocus.com/bid/76684

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-453516.htm

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for CVE-2015-6586

cvelist1 huawei1 nvd1 prion1