Lucene search

MitreCVE-2016-6827

HistorySep 26, 2016 - 4:59 p.m.

CVE-2016-6827

2016-09-2616:59:07

CWE-200

mitre

web.nvd.nist.gov

huawei

fusioncompute

v100r005c10cp7002

cleartext

aes keys

remote users

sensitive information

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Affected configurations

Nvd

Node

huaweifusioncomputeRange≤v100r003c10

VendorProductVersionCPE
huaweifusioncompute*cpe:2.3:a:huawei:fusioncompute:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	fusioncompute	*	cpe:2.3:a:huawei:fusioncompute::::::::

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-en

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-EN

www.securityfocus.com/bid/92626

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

Related for CVE-2016-6827