CVE-2015-7843 - OpenCVE

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Fusionserver Ch121 V3 Fusionserver Ch220 V3 Fusionserver Ch222 V3 Fusionserver Rh1288 V3 Fusionserver Rh1288a V2 Fusionserver Rh2288 V3 Fusionserver Rh2288a V2 Fusionserver Rh2288h V3 Fusionserver Rh8100 V3 Fusionserver Xh628 V3

Configuration 1 [-]

OR	cpe:2.3:a:huawei:fusionserver_ch121_v3:v100r001c00:::::::*
	cpe:2.3:a:huawei:fusionserver_ch220_v3:v100r001c00:::::::*
	cpe:2.3:a:huawei:fusionserver_ch222_v3:v100r001c00:::::::*
	cpe:2.3:a:huawei:fusionserver_rh1288_v3:v100r003c00spc100:::::::*
	cpe:2.3:a:huawei:fusionserver_rh1288a_v2:v100r002c00:::::::*
	cpe:2.3:a:huawei:fusionserver_rh2288_v3:v100r003c00:::::::*
	cpe:2.3:a:huawei:fusionserver_rh2288a_v2:v100r002c00:::::::*
	cpe:2.3:a:huawei:fusionserver_rh2288h_v3:v100r003c00:::::::*
	cpe:2.3:a:huawei:fusionserver_rh8100_v3:v100r003c00:::::::*
	cpe:2.3:a:huawei:fusionserver_xh628_v3:v100r003c00:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/76836
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-02T18:00:00

Updated: 2024-08-06T07:59:00.556Z

Reserved: 2015-10-16T00:00:00

Link: CVE-2015-7843

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-03T01:29:00.840

Modified: 2017-10-23T13:03:20.627

Link: CVE-2015-7843

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object