Lucene search

[email protected]CVE-2016-6825

HistorySep 07, 2016 - 7:28 p.m.

CVE-2016-6825

2016-09-0719:28:14

CWE-285

[email protected]

web.nvd.nist.gov

huawei

xh620 v3

xh622 v3

xh628 v3

rh1288 v3

rh2288 v3

rh2288h v3

software

remote attackers

passwords

brute-force attack

authentication protection mechanisms

cve-2016-6825

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to “lack of authentication protection mechanisms.”

Affected configurations

NVD

Node

huaweirh1288_v3_server_firmwareMatchv100r003c00

huaweirh2288_v3_server_firmwareMatchv100r003c00

huaweirh2288h_v3_server_firmwareMatchv100r003c00

huaweixh620_v3_server_firmwareMatchv100r003c00

huaweixh622_v3_server_firmwareMatchv100r003c00

huaweixh628_v3_server_firmwareMatchv100r003c00

AND

huaweirh1288_v3_serverMatch-

huaweirh2288_v3_serverMatch-

huaweirh2288h_v3_serverMatch-

huaweixh620_v3_serverMatch-

huaweixh622_v3_serverMatch-

huaweixh628_v3_serverMatch-

CPENameOperatorVersion
huawei:rh1288_v3_server_firmwarehuawei rh1288 v3 server firmwareeqv100r003c00
huawei:rh2288_v3_server_firmwarehuawei rh2288 v3 server firmwareeqv100r003c00
huawei:rh2288h_v3_server_firmwarehuawei rh2288h v3 server firmwareeqv100r003c00
huawei:xh620_v3_server_firmwarehuawei xh620 v3 server firmwareeqv100r003c00
huawei:xh622_v3_server_firmwarehuawei xh622 v3 server firmwareeqv100r003c00
huawei:xh628_v3_server_firmwarehuawei xh628 v3 server firmwareeqv100r003c00

CPE	Name	Operator	Version
huawei:rh1288_v3_server_firmware	huawei rh1288 v3 server firmware	eq	v100r003c00
huawei:rh2288_v3_server_firmware	huawei rh2288 v3 server firmware	eq	v100r003c00
huawei:rh2288h_v3_server_firmware	huawei rh2288h v3 server firmware	eq	v100r003c00
huawei:xh620_v3_server_firmware	huawei xh620 v3 server firmware	eq	v100r003c00
huawei:xh622_v3_server_firmware	huawei xh622 v3 server firmware	eq	v100r003c00
huawei:xh628_v3_server_firmware	huawei xh628 v3 server firmware	eq	v100r003c00

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en

www.securityfocus.com/bid/92504

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2016-6825

prion1 cvelist1 huawei1 nvd1