Lucene search

[email protected]NVD:CVE-2017-15327

HistoryApr 11, 2018 - 5:29 p.m.

CVE-2017-15327

2018-04-1117:29:00

CWE-200

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.

Affected configurations

NVD

Node

huaweis12700_firmwareMatchv200r005c00

huaweis12700_firmwareMatchv200r006c00

huaweis12700_firmwareMatchv200r006c01

huaweis12700_firmwareMatchv200r007c00

huaweis12700_firmwareMatchv200r007c01

huaweis12700_firmwareMatchv200r007c20

huaweis12700_firmwareMatchv200r008c00

huaweis12700_firmwareMatchv200r008c06

huaweis12700_firmwareMatchv200r009c00

huaweis12700_firmwareMatchv200r010c00

AND

huaweis12700Match-

Node

huaweis7700_firmwareMatchv200r001c00

huaweis7700_firmwareMatchv200r001c01

huaweis7700_firmwareMatchv200r002c00

huaweis7700_firmwareMatchv200r003c00

huaweis7700_firmwareMatchv200r005c00

huaweis7700_firmwareMatchv200r006c00

huaweis7700_firmwareMatchv200r006c01

huaweis7700_firmwareMatchv200r007c00

huaweis7700_firmwareMatchv200r007c01

huaweis7700_firmwareMatchv200r008c00

huaweis7700_firmwareMatchv200r008c06

huaweis7700_firmwareMatchv200r009c00

huaweis7700_firmwareMatchv200r010c00

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r001c00

huaweis9700_firmwareMatchv200r001c01

huaweis9700_firmwareMatchv200r002c00

huaweis9700_firmwareMatchv200r003c00

huaweis9700_firmwareMatchv200r005c00

huaweis9700_firmwareMatchv200r006c00

huaweis9700_firmwareMatchv200r006c01

huaweis9700_firmwareMatchv200r007c00

huaweis9700_firmwareMatchv200r007c01

huaweis9700_firmwareMatchv200r008c00

huaweis9700_firmwareMatchv200r009c00

huaweis9700_firmwareMatchv200r010c00

AND

huaweis9700Match-

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for NVD:CVE-2017-15327

openvas2 huawei1 cve1 prion1 cvelist1