Lucene search

Huawei TechnologiesHUAWEI-SA-20160824-01-E9000

HistoryAug 24, 2016 - 12:00 a.m.

Security Advisory - XXE Vulnerability in the E9000

2016-08-2400:00:00

Huawei Technologies

www.huawei.com

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

50.9%

JSON

E9000 has an XML External Entity (XXE) vulnerability when parsing user-supplied XML documents in HMM (Hyper Management Module). Attackers could exploit this vulnerability to read arbitrary files and cause a denial of the web service. (Vulnerability ID: HWPSIRT-2016-05249)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6898

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en>

Affected configurations

Vulners

Node

huaweie9000_chassisMatchv100r001c00

CPENameOperatorVersion
e9000 chassiseqV100R001C00

CPE	Name	Operator	Version
	e9000 chassis	eq	V100R001C00

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for HUAWEI-SA-20160824-01-E9000