Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20150609-01-VENOM
HistoryJun 09, 2015 - 12:00 a.m.

Security Advisory - VENOM Vulnerability in Huawei Products

2015-06-0900:00:00
Huawei Technologies
www.huawei.com
27

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.001

Percentile

41.0%

Huawei has noticed the buffer overflow vulnerability in the floppy disk controller (FDC) of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. (Vulnerability ID: HWPSIRT-2015-05025)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-3456.

Affected configurations

Vulners
Node
huaweifusioncompute_firmwareRange<V100R003C00SPC300
OR
huaweifusioncompute_firmwareRange<V100R003C10SPC600
OR
huaweifusioncompute_firmwareRange<V100R005C00SPC300
OR
huaweifusionsphere_openstack_firmwareRange<V100R005C00SPC115
VendorProductVersionCPE
huaweifusioncompute_firmware*cpe:2.3:o:huawei:fusioncompute_firmware:*:*:*:*:*:*:*:*
huaweifusionsphere_openstack_firmware*cpe:2.3:o:huawei:fusionsphere_openstack_firmware:*:*:*:*:*:*:*:*

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.001

Percentile

41.0%