Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20160527-01-STRUTS2
HistoryMay 27, 2016 - 12:00 a.m.

Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

2016-05-2700:00:00
Huawei Technologies
www.huawei.com
30
huawei
apache struts2
remote code execution
vulnerability
software update

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.975

Percentile

100.0%

Apache Struts2 released a remote code execution vulnerability in S2-032 on the official website,when Dynamic Method Invocation (DMI) is enabled, an exploit could allow the attacker to cause remote code execution.(Vulnerability ID: HWPSIRT-2016-04052)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-3081.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en

Affected configurations

Vulners
Node
huaweiagile_controller-campus_firmwareMatchv100r002c00
OR
huaweianyofficeMatchv200r005c00
OR
huaweianyofficeMatchv200r006c00
OR
huaweifirehunter6000_firmwareMatchv100r001c20
OR
huaweilogcenterMatchv100r001c10
OR
huaweilogcenterMatchv100r001c20
OR
huaweioceanstor_5300_firmwareMatchv300r001
OR
huawei5500_v3_firmwareMatchv300r001
OR
huaweioceanstor_5600_v3_firmwareMatchv300r001
OR
huaweioceanstor_5800_v3Matchv300r001
OR
huawei6800_v3_firmwareMatchv300r001
OR
huaweioceanstor_18500_firmwareMatchv300r001
OR
huawei18500f_v3_firmwareMatchv300r001
OR
huaweioceanstor_18800_firmwareMatchv300r001
OR
huaweioceanstor_18800f_firmwareMatchv300r001
OR
huaweioceanstor_5300_firmwareMatchv300r002
OR
huawei5500_v3_firmwareMatchv300r002
OR
huaweioceanstor_5600_v3_firmwareMatchv300r002
OR
huaweioceanstor_5800_v3Matchv300r002
OR
huawei6800_v3_firmwareMatchv300r002
OR
huaweioceanstor_18500_firmwareMatchv300r002
OR
huawei18500f_v3_firmwareMatchv300r002
OR
huaweioceanstor_18800_firmwareMatchv300r002
OR
huaweioceanstor_18800f_firmwareMatchv300r002
OR
huaweioceanstor_5300_firmwareMatchv300r003c00
OR
huawei5500_v3_firmwareMatchv300r003c00
OR
huaweioceanstor_5600_v3_firmwareMatchv300r003c00
OR
huaweioceanstor_5800_v3Matchv300r003c00
OR
huawei6800_v3_firmwareMatchv300r003c00
OR
huaweioceanstor_18500_firmwareMatchv300r003c00
OR
huawei18500f_v3_firmwareMatchv300r003c00
OR
huaweioceanstor_18800_firmwareMatchv300r003c00
OR
huaweioceanstor_18800f_firmwareMatchv300r003c00
OR
huaweioceanstor_5300_firmwareMatchv300r003c10
OR
huawei5500_v3_firmwareMatchv300r003c10
OR
huaweioceanstor_5600_v3_firmwareMatchv300r003c10
OR
huaweioceanstor_5800_v3Matchv300r003c10
OR
huawei6800_v3_firmwareMatchv300r003c10
OR
huaweioceanstor_18500_firmwareMatchv300r003c10
OR
huawei18500f_v3_firmwareMatchv300r003c10
OR
huaweioceanstor_18800_firmwareMatchv300r003c10
OR
huaweioceanstor_18800f_firmwareMatchv300r003c10
OR
huaweioceanstor_9000_firmwareMatchv100r001c01
OR
huaweioceanstor_9000_firmwareMatchv100r001c30
OR
huaweioceanstor_9000_firmwareMatchv300r005c00
OR
huaweioceanstor_n8500_firmwareMatchv200r001c09spc505
OR
huaweioceanstor_n8500_firmwareMatchv200r001c91spc205
OR
huaweioceanstor_n8500_firmwareMatchv200r001c91spc900
OR
huaweioceanstor_n8500_firmwareMatchv200r001c91spc901
OR
huaweioceanstor_onebox_firmwareMatchv100r003c10
VendorProductVersionCPE
huaweiagile_controller-campus_firmwarev100r002c00cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:*:*:*:*:*:*:*
huaweianyofficev200r005c00cpe:2.3:a:huawei:anyoffice:v200r005c00:*:*:*:*:*:*:*
huaweianyofficev200r006c00cpe:2.3:a:huawei:anyoffice:v200r006c00:*:*:*:*:*:*:*
huaweifirehunter6000_firmwarev100r001c20cpe:2.3:a:huawei:firehunter6000_firmware:v100r001c20:*:*:*:*:*:*:*
huaweilogcenterv100r001c10cpe:2.3:a:huawei:logcenter:v100r001c10:*:*:*:*:*:*:*
huaweilogcenterv100r001c20cpe:2.3:a:huawei:logcenter:v100r001c20:*:*:*:*:*:*:*
huaweioceanstor_5300_firmwarev300r001cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r001:*:*:*:*:*:*:*
huawei5500_v3_firmwarev300r001cpe:2.3:a:huawei:5500_v3_firmware:v300r001:*:*:*:*:*:*:*
huaweioceanstor_5600_v3_firmwarev300r001cpe:2.3:o:huawei:oceanstor_5600_v3_firmware:v300r001:*:*:*:*:*:*:*
huaweioceanstor_5800_v3v300r001cpe:2.3:a:huawei:oceanstor_5800_v3:v300r001:*:*:*:*:*:*:*
Rows per page:
1-10 of 501

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.975

Percentile

100.0%