Lucene search

HuaweiCVE-2017-15352

HistoryFeb 15, 2018 - 4:29 p.m.

CVE-2017-15352

2018-02-1516:29:01

CWE-732

huawei

web.nvd.nist.gov

huawei

oceanstor

v300r003c20

vulnerability

access control

nvd

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Affected configurations

Nvd

Vulners

Node

huaweioceanstor_2800_firmwareMatchv300r003c00

huaweioceanstor_2800_firmwareMatchv300r003c20

AND

huaweioceanstor_2800Match-

Node

huaweioceanstor_5300_firmwareMatchv300r003c00

huaweioceanstor_5300_firmwareMatchv300r003c10

huaweioceanstor_5300_firmwareMatchv300r003c20

AND

huaweioceanstor_5300Match-

Node

huaweioceanstor_5500_firmwareMatchv300r003c00

huaweioceanstor_5500_firmwareMatchv300r003c10

huaweioceanstor_5500_firmwareMatchv300r003c20

AND

huaweioceanstor_5500Match-

Node

huaweioceanstor_5600_firmwareMatchv300r003c00

huaweioceanstor_5600_firmwareMatchv300r003c10

huaweioceanstor_5600_firmwareMatchv300r003c20

AND

huaweioceanstor_5600Match-

Node

huaweioceanstor_5800_firmwareMatchv300r003c00

huaweioceanstor_5800_firmwareMatchv300r003c10

huaweioceanstor_5800_firmwareMatchv300r003c20

AND

huaweioceanstor_5800Match-

VendorProductVersionCPE
huaweioceanstor_2800_firmwarev300r003c00cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:*:*:*:*:*:*:*
huaweioceanstor_2800_firmwarev300r003c20cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:*:*:*:*:*:*:*
huaweioceanstor_2800-cpe:2.3:h:huawei:oceanstor_2800:-:*:*:*:*:*:*:*
huaweioceanstor_5300_firmwarev300r003c00cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:*:*:*:*:*:*:*
huaweioceanstor_5300_firmwarev300r003c10cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:*:*:*:*:*:*:*
huaweioceanstor_5300_firmwarev300r003c20cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:*:*:*:*:*:*:*
huaweioceanstor_5300-cpe:2.3:h:huawei:oceanstor_5300:-:*:*:*:*:*:*:*
huaweioceanstor_5500_firmwarev300r003c00cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:*:*:*:*:*:*:*
huaweioceanstor_5500_firmwarev300r003c10cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:*:*:*:*:*:*:*
huaweioceanstor_5500_firmwarev300r003c20cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	oceanstor_2800_firmware	v300r003c00	cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:::::::*
huawei	oceanstor_2800_firmware	v300r003c20	cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:::::::*
huawei	oceanstor_2800	-	cpe:2.3:h:huawei:oceanstor_2800:-:::::::*
huawei	oceanstor_5300_firmware	v300r003c00	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:::::::*
huawei	oceanstor_5300_firmware	v300r003c10	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:::::::*
huawei	oceanstor_5300_firmware	v300r003c20	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:::::::*
huawei	oceanstor_5300	-	cpe:2.3:h:huawei:oceanstor_5300:-:::::::*
huawei	oceanstor_5500_firmware	v300r003c00	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:::::::*
huawei	oceanstor_5500_firmware	v300r003c10	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:::::::*
huawei	oceanstor_5500_firmware	v300r003c20	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "OceanStor 2800 V3 ,V300R003C00 ,V300R003C20 ,OceanStor 5300 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5500 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5600 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5800 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:N/A:P

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2017-15352