CVE-2017-15327

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en	Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:s12700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c20:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r008c06:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:s7700_firmware:v200r001c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r001c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r002c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r003c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r008c06:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:s9700_firmware:v200r001c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r001c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r002c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r003c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:14

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en - Vendor Advisory~~	() http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en - Vendor Advisory

Information

Published : 2018-04-11 17:29

Updated : 2024-11-21 03:14

NVD link : CVE-2017-15327

Mitre link : CVE-2017-15327

CVE.ORG link : CVE-2017-15327

JSON object : View

Products Affected

huawei

s9700_firmware
s12700
s12700_firmware
s7700
s7700_firmware
s9700

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-15327", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-04-11T17:29:00.147", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure."}, {"lang": "es", "value": "S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00 y V200R010C00 tienen una vulnerabilidad de autorizaci\u00f3n incorrecta en productos switch de Huawei. El sistema realiza de manera err\u00f3nea una comprobaci\u00f3n de autorizaci\u00f3n cuando un usuario normal intenta acceder a cierta informaci\u00f3n a la que se supone que solo pueden acceder los usuarios autenticados. La explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T03:14:28.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D81469B-EC6C-493D-B632-4DF821A1F304"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6F2C4C7-3438-42B8-8999-C17E45C8CF49"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAB5D62-CAC9-41D0-BBBC-93E22AD8EAF5"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10CBC93B-5CF6-45BF-A90A-84B7693E27FD"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4803A7-44B2-41BA-814D-151239B92CEF"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985C07E4-1E27-4191-9FB8-4714A177479D"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD4C5CC9-FD60-4C64-8F88-CFC71BBEA663"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r008c06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A787767-F56E-4930-B366-C7E103CAC1CE"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B17A34EF-677D-4264-82FB-F7F582C9F56B"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "933755CC-4A0B-42FB-9491-3C841059851D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "138C1E57-176C-46B1-9704-D9C8391CC802"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F49D3EAD-1EB3-4C62-80BA-4C9C3CE0408C"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r001c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65902ABB-3EF2-4C8B-BAC1-84BC585019BA"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D75B012-A57D-4C6D-AB26-51D2ECC02F35"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1DFF0C0-AA17-4AA1-A418-4759D1A58852"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D84F05D5-BA7D-485B-91C2-273349335CFB"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF3FB3CC-2EAC-4A08-BDDC-DCACEE9FA2AE"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345DA517-033D-4C94-A7F2-77C047309E2A"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2377CD30-6F57-46CB-9DD1-E29458A7D928"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55C2AC7-FF47-4160-B524-E3E6C54612E1"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D79CD09-3414-4105-AD59-F3D1BAC61B7E"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r008c06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6712B77-1268-4A5A-B383-E51D9D51F108"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2A3C92-C5C6-4BE6-A9F6-21C28D68C080"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37E3F87E-EA36-41ED-8793-F6C166FFC4A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8769C2C4-E333-432B-8943-CFDFAE013379"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B1F0B3D-1923-42C3-A3DB-03D11BE059D9"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r001c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "032E5E4D-B1B8-4659-8B62-3DC237234501"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB6ED15-477B-4BB5-AA94-0D7897FBD962"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AD9ACA-E0C3-4096-BE50-94E717CDA318"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "325D6523-A07A-48D4-AD44-CF838BD77432"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC7E622-010C-4C5D-8AA6-D4793AFCE0E0"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "702A6BB8-B9D5-4160-94C9-12CF35485FC9"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D78DAB13-32AA-4813-AB0A-0EA870F41183"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38515A04-EC21-40B3-A29C-8D0A5883EA4A"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36AB80F7-1BD2-4169-AC70-708CE84BB15C"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A0EC8F-6A8A-487F-A92A-789E3789788F"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C6DC309-2FC6-4014-9C2B-8EE12C7BB08F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75FAA4BF-1ED0-4059-ADA1-071AF1BF2882"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-15327

4.3^/10

4.0^/10

Attach tags to `CVE-2017-15327`