Huawei TechnologiesHUAWEI-SA-20150909-02-FUSIONACCESSSecurity Advisory - Insufficient Input Verification Vulnerability in the FusionAccess
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
46.2%
FusionAccess is a kind of virtual desktop applications based on Huawei cloud platform. Through the deployment of Huawei desktop cloud software on the cloud platform, customers can access the cloud desktop by the thin client device or other devices.
There is an insufficient input verification vulnerability in the product. An attacker could graft and send malformed HDP protocol packet to exploit this vulnerability. This may cause the virtual cloud desktop displaying error and not usable (Vulnerability ID: HWPSIRT-2015-06005).
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7844.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| fusionaccess | eq | V100R005C10 | |
| fusionaccess | eq | V100R005C20 |
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
46.2%