Vulnerability Details : CVE-2015-8086
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.
Products affected by CVE-2015-8086
- cpe:2.3:o:huawei:ar_firmware:v200r002:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar_firmware:v200r001:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar_firmware:v200r003:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar_firmware:v200r005c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar_firmware:v200r005c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ar_firmware:v200r005c30:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300_firmware:v200r005c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300_firmware:v200r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5300_firmware:v200r006c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r006c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s9300_firmware:v200r005c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s12700_firmware:v200r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:quidway_s9300_firmware:v200r003c00spc500:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:quidway_s9300_firmware:v200r002c00spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:quidway_s9300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:quidway_s5300_firmware:v200r001c00spc300:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8086
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8086
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
4.9
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
NIST |
CWE ids for CVE-2015-8086
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8086
-
http://www.securityfocus.com/bid/76897
Huawei AR Routers Multiple Information Disclosure Vulnerabilities
-
http://www.huawei.com/en/psirt/security-advisories/hw-455876
Security Advisory - Information Leak Vulnerability in Certain Huawei ProductsVendor Advisory
Jump to