5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
53.7%
The Unified Maintenance Audit (UMA) system provides a unified portal for O&M operations, controls and records users’ O&M operations, and supports auditing by way of command display and video replay.
The UMA has two security vulnerabilities. One vulnerability is due to insufficient parameter validation on some pages, allowing an attacker to reset the password of an arbitrary user. Successful exploit could affect system data integrity. (Vulnerability ID: HWPSIRT-2016-07049)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-7107.
Another vulnerability allows users to obtain the MD5 values of other users’ passwords, causing the leak of users’ sensitive information. (Vulnerability ID: HWPSIRT-2016-07051)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-7108.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en
CPE | Name | Operator | Version |
---|---|---|---|
uma | lt | V200R001C00SPC200 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
53.7%