10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
73.1%
Multiple security vulnerabilities exist in Huawei FusionServer products.
Command injection vulnerability exists in Huawei FusionServer products. An attacker could change the input parameters on the login page and enter commands, such as user creation command. (Vulnerability ID: HWPSIRT-2015-06075)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7841.
Huawei FusionServer products do not verify the permission of a user who attempts to change the specific information. An attacker could exploit this vulnerability to log in to a server as an operator, graft a message to change the specific information, and send the message to the server to change the server information. (Vulnerability ID: HWPSIRT-2015-06076)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7842.
A brute force cracking vulnerability exists in Huawei FusionServer products. An attacker could log in as a low-level user and execute some commands on the management interface to verify whether the user name and password of a higher-level user are correct. The device does not restrict the number of query attempts. As a result, a low-level user could brute force crack the user names and passwords of higher-level users, leading to leakage of sensitive information. (Vulnerability ID: HWPSIRT-2015-06078)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7843.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm>
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
73.1%