CVE-2017-15352

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

CVSS v3.0 3.1 LOW
CVSS v2.0 2.9 LOW

3.1^/10

CVSS v3.0 : LOW

V3 Legend

Vector : AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Exploitability : 0.5 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:H/Au:S/C:P/I:N/A:P

Exploitability : 2.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:::::::*
	cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:::::::*

cpe:2.3:h:huawei:oceanstor_2800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:::::::*
	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:::::::*
	cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:::::::*

cpe:2.3:h:huawei:oceanstor_5300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:::::::*
	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:::::::*
	cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:::::::*

cpe:2.3:h:huawei:oceanstor_5500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c10:::::::*
	cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c20:::::::*
	cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c00:::::::*

cpe:2.3:h:huawei:oceanstor_5600:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c10:::::::*
	cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c20:::::::*
	cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c00:::::::*

cpe:2.3:h:huawei:oceanstor_5800:-:*:*:*:*:*:*:*

Information

Published : 2018-02-15 08:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-15352

Mitre link : CVE-2017-15352

JSON object : View

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

Products Affected

huawei

oceanstor_5300
oceanstor_5600
oceanstor_2800_firmware
oceanstor_5800_firmware
oceanstor_5500
oceanstor_5300_firmware
oceanstor_5800
oceanstor_5500_firmware
oceanstor_2800
oceanstor_5600_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-732"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-15352", "ASSIGNER": "psirt@huawei.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 2.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.5}}, "publishedDate": "2018-02-15T16:29Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:oceanstor_2800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:oceanstor_5300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:oceanstor_5500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:oceanstor_5600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:oceanstor_5800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}

3.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.9 /10

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-15352

3.1^/10

2.9^/10

Attach tags to `CVE-2017-15352`