Lucene search

[email protected]CVE-2016-6900

HistorySep 07, 2016 - 7:28 p.m.

CVE-2016-6900

2016-09-0719:28:21

CWE-399

[email protected]

web.nvd.nist.gov

cve-2016-6900

ibmc

huawei

rh1288 v3

rh2288 v3

rh2288h v3

rh5885 v3

xh620 v3

xh622 v3

xh628 v3

denial of service

vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors.

Affected configurations

NVD

Node

huaweirh1288_v3_server_firmwareMatchv100r003c00

huaweirh2288_v3_server_firmwareMatchv100r003c00

huaweirh2288h_v3_server_firmwareMatchv100r003c00

huaweixh620_v3_server_firmwareMatchv100r003c00

huaweixh622_v3_server_firmwareMatchv100r003c00

huaweixh628_v3_server_firmwareMatchv100r003c00

AND

huaweirh1288_v3_serverMatch-

huaweirh2288_v3_serverMatch-

huaweirh2288h_v3_serverMatch-

huaweixh620_v3_serverMatch-

huaweixh622_v3_serverMatch-

huaweixh628_v3_serverMatch-

Node

huaweirh5885_v3_server_firmwareMatchv100r003c01

AND

huaweirh5885_v3_serverMatch-

CPENameOperatorVersion
huawei:rh1288_v3_server_firmwarehuawei rh1288 v3 server firmwareeqv100r003c00
huawei:rh2288_v3_server_firmwarehuawei rh2288 v3 server firmwareeqv100r003c00
huawei:rh2288h_v3_server_firmwarehuawei rh2288h v3 server firmwareeqv100r003c00
huawei:xh620_v3_server_firmwarehuawei xh620 v3 server firmwareeqv100r003c00
huawei:xh622_v3_server_firmwarehuawei xh622 v3 server firmwareeqv100r003c00
huawei:xh628_v3_server_firmwarehuawei xh628 v3 server firmwareeqv100r003c00

CPE	Name	Operator	Version
huawei:rh1288_v3_server_firmware	huawei rh1288 v3 server firmware	eq	v100r003c00
huawei:rh2288_v3_server_firmware	huawei rh2288 v3 server firmware	eq	v100r003c00
huawei:rh2288h_v3_server_firmware	huawei rh2288h v3 server firmware	eq	v100r003c00
huawei:xh620_v3_server_firmware	huawei xh620 v3 server firmware	eq	v100r003c00
huawei:xh622_v3_server_firmware	huawei xh622 v3 server firmware	eq	v100r003c00
huawei:xh628_v3_server_firmware	huawei xh628 v3 server firmware	eq	v100r003c00

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6900

nvd1 prion1 cvelist1 huawei1