Huawei Technologies - HUAWEI-SA-20140924-02-CSRF
History: Sep 24, 2014 - 12:00 a.m.

Security Advisory-CSRF Vulnerabilities in Multiple Products

2014-09-24 00:00:00
Huawei Technologies
www.huawei.com

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 43.9%

Cross-site request forgery (CSRF) vulnerabilities have been discovered in multiple products, including FusionManager (Vulnerability ID: HWPSIRT-2014-0408) and the USG firewall series (Vulnerability ID: HWPSIRT-2014-0406).

Vulnerabilities in the web interface of these devices could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. By exploiting the vulnerabilities, attackers could manipulate the device, compromise legitimate services and perform other malicious activities.

Vulnerability HWPSIRT-2014-0408 has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9136.

Vulnerability HWPSIRT-2014-0406 has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9137.

Affected configurations

Vulners
Node
huawei  fusionmanager     Match  v100r002c03
OR
huawei  fusionmanager     Match  v100r003c00
OR
huawei  usg9500_firmware  Range  <V200R001C01SPC800
OR
huawei  usg9500_firmware  Match  v300r001c00
OR
huawei  usg2100_firmware  Range  <V300R001C00SPC900
OR
huawei  usg2200_firmware  Match  v300r001c00spc900
OR
huawei  usg5100_firmware  Match  v300r001c00spc900
OR
huawei  usg5500_firmware  Match  v300r001c00spc900

Vendor  Product           Version            CPE
huawei  fusionmanager     v100r002c03        cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*
huawei  fusionmanager     v100r003c00        cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*
huawei  usg9500_firmware  *                  cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*
huawei  usg9500_firmware  v300r001c00        cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*
huawei  usg2100_firmware  *                  cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*
huawei  usg2200_firmware  v300r001c00spc900  cpe:2.3:o:huawei:usg2200_firmware:v300r001c00spc900:*:*:*:*:*:*:*
huawei  usg5100_firmware  v300r001c00spc900  cpe:2.3:o:huawei:usg5100_firmware:v300r001c00spc900:*:*:*:*:*:*:*
huawei  usg5500_firmware  v300r001c00spc900  cpe:2.3:o:huawei:usg5500_firmware:v300r001c00spc900:*:*:*:*:*:*:*
