|
|
Huawei : Security Vulnerabilities (CVSS score between 8 and 8.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-17223 |
22 |
|
Dir. Trav. +Info |
2018-03-09 |
2018-03-26 |
8.0 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Complete |
|
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. |
|
2 |
CVE-2017-8135 |
77 |
|
+Priv |
2017-11-22 |
2017-12-27 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
3 |
CVE-2017-8134 |
77 |
|
+Priv |
2017-11-22 |
2017-12-06 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
4 |
CVE-2017-8132 |
77 |
|
+Priv |
2017-11-22 |
2017-12-06 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
5 |
CVE-2017-8131 |
77 |
|
+Priv |
2017-11-22 |
2017-12-06 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
6 |
CVE-2017-2719 |
77 |
|
+Priv |
2017-11-22 |
2017-12-08 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
7 |
CVE-2017-2718 |
77 |
|
+Priv |
2017-11-22 |
2017-12-05 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. |
|
8 |
CVE-2015-8227 |
20 |
|
DoS +Info |
2015-11-24 |
2016-09-13 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. |
|
9 |
CVE-2013-4629 |
255 |
|
|
2013-06-20 |
2013-06-21 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. |
|
10 |
CVE-2012-3268 |
200 |
|
+Info |
2013-02-01 |
2018-08-13 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
Total number of vulnerabilities : 10
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
