Vulnerability CVE-2017-15352


Published: 2018-02-15

Description:
Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Type:

CWE-732

CVSS2 => (AV:A/AC:H/Au:S/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.9/10
4.9/10
2.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
High
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial
Affected software
Huawei -> Oceanstor 2800 firmware 
Huawei -> Oceanstor 5300 firmware 
Huawei -> Oceanstor 5500 firmware 
Huawei -> Oceanstor 5600 firmware 
Huawei -> Oceanstor 5800 firmware 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

Copyright 2024, cxsecurity.com

 

Back to Top