Huawei TechnologiesHUAWEI-SA-20141224-02-HMMSecurity Advisory-Privilege Escalation Vulnerability in IPMICommand of the HMM Software in a Huawei Server Product
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.8%
The Hyper Module Management (HMM) software of some Huawei server products has a security vulnerability. When the operator of the HMM software uses the IPMICommand to perform operations on the iMana software, the operator can modify the user configuration of iMana through privilege escalation (vulnerability ID: HWPSIRT-2014-11117).
This vulnerability has been assigned a CVE ID: CVE-2014-9696.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tecal e9000 chassis | lt | V100R001C00SPC160 |
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.8%