4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
43.5%
Some Huawei products have two information leak vulnerabilities caused by improper encryption mechanisms.
Users can use reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt administrators’ passwords, an attacker with high administrative privileges can log in to the device, obtain the ciphertext password of a higher-level administrator, and crack it to get elevated privileges. (Vulnerability ID: HWPSIRT-2015-06073)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8085.
Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys. (Vulnerability ID: HWPSIRT-2015-06080)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8086.
After successful exploitation of the two vulnerabilities, the attacker can obtain plaintext passwords, leading to user information leaks.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-455876.htm
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
43.5%