5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.1%
Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience.
A security vulnerability exists in the presentatibon sending/receiving permission management mechanism of Huawei TE product. An attacker can access the TE through Wi-Fi to trigger abnormal processing of wireless presentation in specific scenarios. As a result, the sending of wired presentation in use stops, affecting normal services. (Vulnerability ID: HWPSIRT-2015-08043)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8672.
The Debug account on Huawei TE product has an old password check vulnerability. If a user logs in to a PC using the Debug account and leaves the PC, an attacker changes the password of the Debug account without entering the old password and obtains the permissions of the Debug account. (Vulnerability ID: HWPSIRT-2015-10002)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8673.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462952.htm>
CPE | Name | Operator | Version |
---|---|---|---|
te30 | eq | TE60[1] | |
te30 | eq | V100R001C10B022 | |
40 | eq | TE60[1] | |
40 | eq | V100R001C10B022 | |
50 | eq | TE60[1] | |
50 | eq | V100R001C10B022 | |
60 | eq | TE60[1] | |
60 | eq | V100R001C10B022 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.1%