CVE-2015-7842

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.

CVSS v3.0 7.1 HIGH
CVSS v2.0 5.5 MEDIUM

7.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm	Vendor Advisory
http://www.securityfocus.com/bid/76836	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:rh2288_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288_v3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:rh2288h_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288h_v3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:xh628_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:xh628_v3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:rh1288_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh1288_v3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:rh2288a_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288a_v2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:rh1288a_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh1288a_v2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:rh8100_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh8100_v3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:huawei:ch222_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch222_v3:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:huawei:ch220_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch220_v3:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:huawei:ch121_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch121_v3:-:*:*:*:*:*:*:*

Information

Published : 2017-10-09 18:30

Updated : 2017-11-05 15:14

NVD link : CVE-2015-7842

Mitre link : CVE-2015-7842

JSON object : View

CWE

CWE-275

Permission Issues

Products Affected

huawei

rh2288_v3_firmware
rh2288a_v2_firmware
rh2288h_v3_firmware
ch121_v3_firmware
rh1288a_v2_firmware
rh8100_v3
rh2288h_v3
ch220_v3
rh2288_v3
xh628_v3_firmware
ch222_v3
ch220_v3_firmware
xh628_v3
ch222_v3_firmware
rh8100_v3_firmware
rh2288a_v2
rh1288a_v2
ch121_v3
rh1288_v3
rh1288_v3_firmware

7.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

5.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2015-7842

7.1^/10

5.5^/10

Attach tags to `CVE-2015-7842`