CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 73.5%

Some Huawei server products have multiple security vulnerabilities.
1. Some Huawei server products have a sensitive information leak vulnerability. Users who log in to the products can view the session IDs of all online users on the Online Users page of the web UI. Attackers can also view the session IDs of users and access the system with forged identities (vulnerability ID: HWPSIRT-2014-11109).
This vulnerability has been assigned a CVE ID: CVE-2014-9691.
2. Some Huawei server products have an insufficiently random RMCP+ session ID vulnerability. The products can use only a limited number of RMCP+ session IDs. Attackers can figure out the RMCP+ session IDs of users and access the system with forged identities (vulnerability ID: HWPSIRT-2014-11113).
This vulnerability has been assigned a CVE ID: CVE-2014-9692.
3. Some Huawei server products have a cache overflow vulnerability. When processing some packets from the DNS server, the products do not identify the data length. Attackers can exploit the vulnerability to execute arbitrary code or restart the system (vulnerability ID: HWPSIRT-2014-11114).
This vulnerability has been assigned a CVE ID: CVE-2014-9693.
4. Some Huawei server products have a CSRF vulnerability. The products do not use a token mechanism for web access control. When users log in to the Huawei servers and access websites containing a malicious CSRF script, the CSRF script is executed, which may cause configuration tampering and system restart (vulnerability ID: HWPSIRT-2014-11115).
This vulnerability has been assigned a CVE ID: CVE-2014-9694.