Lucene search

Huawei TechnologiesHUAWEI-SA-20180131-01-IBMC

HistoryJan 31, 2018 - 12:00 a.m.

Security Advisory - Improper Authorization Vulnerability on iBMC

2018-01-3100:00:00

Huawei Technologies

www.huawei.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.7%

JSON

There is an improper authorization vulnerability on iBMC. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2017-07182)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17323.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180131-01-ibmc-en

Affected configurations

Vulners

Node

huaweich121_v3_firmwareMatchch121

huaweich121_v3_firmwareMatchv3

huaweich121_v3_firmwareMatchv100r001c00

huaweich121l_v3_firmwareMatchch121l

huaweich121l_v3_firmwareMatchv3

huaweich121l_v3_firmwareMatchv100r001c00

huaweich140_v3_firmwareMatchch140

huaweich140_v3_firmwareMatchv3

huaweich140_v3_firmwareMatchv100r001c00

huaweich140l_v3_firmwareMatchch140l

huaweich140l_v3_firmwareMatchv3

huaweich140l_v3_firmwareMatchv100r001c00

huaweich220_v3_firmwareMatchch220

huaweich220_v3_firmwareMatchv3

huaweich220_v3_firmwareMatchv100r001c00

huaweich222_v3_firmwareMatchch222

huaweich222_v3_firmwareMatchv3

huaweich222_v3_firmwareMatchv100r001c00

huaweich242_v3_firmwareMatchch242

huaweich242_v3_firmwareMatchv3

huaweich242_v3_firmwareMatchv100r001c00

huaweirh1288_v3_firmwareMatchrh1288

huaweirh1288_v3_firmwareMatchv3

huaweirh1288_v3_firmwareMatchv100r003c00

huaweirh2288_v3_firmwareMatchrh2288

huaweirh2288_v3_firmwareMatchv3

huaweirh2288_v3_firmwareMatchv100r003c00

huaweirh2288h_v3_firmwareMatchrh2288h

huaweirh2288h_v3_firmwareMatchv3

huaweirh2288h_v3_firmwareMatchv100r003c00

huaweixh310_v3_firmwareMatchxh310

huaweixh310_v3_firmwareMatchv3

huaweixh310_v3_firmwareMatchv100r003c00

huaweixh321_v3_firmwareMatchxh321

huaweixh321_v3_firmwareMatchv3

huaweixh321_v3_firmwareMatchv100r003c00

huaweixh620_v3_firmwareMatchxh620

huaweixh620_v3_firmwareMatchv3

huaweixh620_v3_firmwareMatchv100r003c00

huaweich121_v5_firmwareMatchch121

huaweich121_v5_firmwareMatchv5

huaweich121_v5_firmwareMatchv100r001c00

huaweich121l_v5_firmwareMatchch121l

huaweich121l_v5_firmwareMatchv5

huaweich121l_v5_firmwareMatchv100r001c00

huaweich242_v5_firmwareMatchch242

huaweich242_v5_firmwareMatchv5

huaweich242_v5_firmwareMatchv100r001c00

huawei1288h_v5_firmwareMatch1288h

huawei1288h_v5_firmwareMatchv5

huawei1288h_v5_firmwareMatchv100r005c00

huawei2288h_v5_firmwareMatch2288h

huawei2288h_v5_firmwareMatchv5

huawei2288h_v5_firmwareMatchv100r005c00

huawei2488_v5_firmwareMatch2488

huawei2488_v5_firmwareMatchv5

huawei2488_v5_firmwareMatchv100r005c00

huaweixh321_v5_firmwareMatchxh321

huaweixh321_v5_firmwareMatchv5

huaweixh321_v5_firmwareMatchv100r005c00

VendorProductVersionCPE
huaweich121_v3_firmwarech121cpe:2.3:o:huawei:ch121_v3_firmware:ch121:*:*:*:*:*:*:*
huaweich121_v3_firmwarev3cpe:2.3:o:huawei:ch121_v3_firmware:v3:*:*:*:*:*:*:*
huaweich121_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich121l_v3_firmwarech121lcpe:2.3:o:huawei:ch121l_v3_firmware:ch121l:*:*:*:*:*:*:*
huaweich121l_v3_firmwarev3cpe:2.3:o:huawei:ch121l_v3_firmware:v3:*:*:*:*:*:*:*
huaweich121l_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140_v3_firmwarech140cpe:2.3:o:huawei:ch140_v3_firmware:ch140:*:*:*:*:*:*:*
huaweich140_v3_firmwarev3cpe:2.3:o:huawei:ch140_v3_firmware:v3:*:*:*:*:*:*:*
huaweich140_v3_firmwarev100r001c00cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140l_v3_firmwarech140lcpe:2.3:o:huawei:ch140l_v3_firmware:ch140l:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ch121_v3_firmware	ch121	cpe:2.3:o:huawei:ch121_v3_firmware:ch121:::::::*
huawei	ch121_v3_firmware	v3	cpe:2.3:o:huawei:ch121_v3_firmware:v3:::::::*
huawei	ch121_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121_v3_firmware:v100r001c00:::::::*
huawei	ch121l_v3_firmware	ch121l	cpe:2.3:o:huawei:ch121l_v3_firmware:ch121l:::::::*
huawei	ch121l_v3_firmware	v3	cpe:2.3:o:huawei:ch121l_v3_firmware:v3:::::::*
huawei	ch121l_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch121l_v3_firmware:v100r001c00:::::::*
huawei	ch140_v3_firmware	ch140	cpe:2.3:o:huawei:ch140_v3_firmware:ch140:::::::*
huawei	ch140_v3_firmware	v3	cpe:2.3:o:huawei:ch140_v3_firmware:v3:::::::*
huawei	ch140_v3_firmware	v100r001c00	cpe:2.3:o:huawei:ch140_v3_firmware:v100r001c00:::::::*
huawei	ch140l_v3_firmware	ch140l	cpe:2.3:o:huawei:ch140l_v3_firmware:ch140l:::::::*

Rows per page:

1-10 of 601

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for HUAWEI-SA-20180131-01-IBMC