Lucene search

Huawei TechnologiesHUAWEI-SA-20171122-01-OCEANSTOR

HistoryNov 22, 2017 - 12:00 a.m.

Security Advisory - Improper Access Control Vulnerability in Some Huawei OceanStor products

2017-11-2200:00:00

Huawei Technologies

www.huawei.com

2.9 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:N/A:P

3.1 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

0.0004 Low

EPSS

Percentile

12.6%

JSON

There is an improper access control vulnerability in Some Huawei OceanStor products. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-06243) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15352.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

Affected configurations

Vulners

Node

huaweioceanstor_2800_firmwareMatchv300r003c00

huaweioceanstor_2800_firmwareMatchv300r003c20

huaweioceanstor_5300_firmwareMatchv300r003c00

huaweioceanstor_5300_firmwareMatchv300r003c10

huaweioceanstor_5300_firmwareMatchv300r003c20

huaweioceanstor_5500_firmwareMatchv300r003c00

huaweioceanstor_5500_firmwareMatchv300r003c10

huaweioceanstor_5500_firmwareMatchv300r003c20

huaweioceanstor_5600_v3_firmwareMatchv300r003c00

huaweioceanstor_5600_v3_firmwareMatchv300r003c10

huaweioceanstor_5600_v3_firmwareMatchv300r003c20

huaweioceanstor_5800_v3Matchv300r003c00

huaweioceanstor_5800_v3Matchv300r003c10

huaweioceanstor_5800_v3Matchv300r003c20

CPENameOperatorVersion
oceanstor 2800 v3eqV300R003C00
oceanstor 2800 v3eqV300R003C20
oceanstor 5300 v3eqV300R003C00
oceanstor 5300 v3eqV300R003C10
oceanstor 5300 v3eqV300R003C20
oceanstor 5500 v3eqV300R003C00
oceanstor 5500 v3eqV300R003C10
oceanstor 5500 v3eqV300R003C20
oceanstor 5600 v3eqV300R003C00
oceanstor 5600 v3eqV300R003C10

Name	Operator	Version
oceanstor 2800 v3	eq	V300R003C00
oceanstor 2800 v3	eq	V300R003C20
oceanstor 5300 v3	eq	V300R003C00
oceanstor 5300 v3	eq	V300R003C10
oceanstor 5300 v3	eq	V300R003C20
oceanstor 5500 v3	eq	V300R003C00
oceanstor 5500 v3	eq	V300R003C10
oceanstor 5500 v3	eq	V300R003C20
oceanstor 5600 v3	eq	V300R003C00
oceanstor 5600 v3	eq	V300R003C10

Rows per page:

1-10 of 141

2.9 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:N/A:P

3.1 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for HUAWEI-SA-20171122-01-OCEANSTOR