ID HUAWEI-SA-20151126-01-VCN500
Type huawei
Reporter Huawei Technologies
Modified 2015-11-26T00:00:00
Description
Products
Switches
Routers
WLAN
Servers
See All
Solutions
Cloud Data Center
Enterprise Networking
Wireless Private Network
Solutions by Industry
See All
Services
Training and Certification
ICT Lifecycle Services
Technology Services
Industry Solution Services
See All
See all offerings at e.huawei.com
Need Support ?
Product Support
Software Download
Community
Tools
Go to Full Support
{"id": "HUAWEI-SA-20151126-01-VCN500", "bulletinFamily": "software", "title": "Security Advisory - Replay Attack Vulnerability of Users Abnormal Exit in VCN500", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "published": "2015-11-26T00:00:00", "modified": "2015-11-26T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-463067", "reporter": "Huawei Technologies", "references": [], "cvelist": ["CVE-2015-8331"], "type": "huawei", "lastseen": "2019-02-01T18:02:06", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2019-02-01T18:02:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8331"]}], "modified": "2019-02-01T18:02:06", "rev": 2}, "vulnersScore": 4.7}, "affectedSoftware": [{"name": "VCN500", "operator": "eq", "version": "V100R002C00SPC200B010"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:21:30", "description": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an \"abnormal exit\" occurs, which allows remote attackers to conduct replay attacks via the session ID.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-01-11T15:59:00", "title": "CVE-2015-8331", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8331"], "modified": "2016-01-11T23:36:00", "cpe": ["cpe:/a:huawei:vcn500:v100r002c00spc200b010"], "id": "CVE-2015-8331", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8331", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*"]}]}
