Lucene search

Huawei TechnologiesHUAWEI-SA-20160905-01-ESPACE

HistorySep 05, 2016 - 12:00 a.m.

Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD

2016-09-0500:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

39.5%

JSON

Huawei eSpace IAD products have an information leak vulnerability. Some Web pages do not verify the validity of the permission. An attacker can check and download the fault information by access special URL. (Vulnerability ID: HWPSIRT-2016-08001)
This vulnerability has been assigned a CVE ID: CVE-2016-8271.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-espace-en

Affected configurations

Vulners

Node

huaweiespace_8950Range<V300R002C01SPC100

CPENameOperatorVersion
espace iadltV300R002C01SPC100

CPE	Name	Operator	Version
	espace iad	lt	V300R002C01SPC100

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for HUAWEI-SA-20160905-01-ESPACE