{"id": "CVE-2015-8331", "bulletinFamily": "NVD", "title": "CVE-2015-8331", "description": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an \"abnormal exit\" occurs, which allows remote attackers to conduct replay attacks via the session ID.", "published": "2016-01-11T15:59:00", "modified": "2016-01-11T23:36:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8331", "reporter": "cve@mitre.org", "references": ["http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm"], "cvelist": ["CVE-2015-8331"], "type": "cve", "lastseen": "2021-02-02T06:21:30", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "huawei", "idList": ["HUAWEI-SA-20151126-01-VCN500"]}], "modified": "2021-02-02T06:21:30", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-02-02T06:21:30", "rev": 2}, "vulnersScore": 5.6}, "cpe": ["cpe:/a:huawei:vcn500:v100r002c00spc200b010"], "affectedSoftware": [{"cpeName": "huawei:vcn500", "name": "huawei vcn500", "operator": "eq", "version": "v100r002c00spc200b010"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM"}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.2}, "cpe23": ["cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null, "affectedConfiguration": [{"cpeName": "huawei:vcn500", "name": "huawei vcn500", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:vcn500:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm"}], "immutableFields": []}

{"huawei": [{"lastseen": "2019-02-01T18:02:06", "bulletinFamily": "software", "cvelist": ["CVE-2015-8331"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2015-11-26T00:00:00", "published": "2015-11-26T00:00:00", "id": "HUAWEI-SA-20151126-01-VCN500", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-463067", "title": "Security Advisory - Replay Attack Vulnerability of Users Abnormal Exit in VCN500", "type": "huawei", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}