CVE-2013-4628

The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261458.htm	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:huawei:quidway_service_process_unit_board_s7700:v200r001c00spc300:::::::*
	cpe:2.3:h:huawei:quidway_service_process_unit_board_s9300:v200r001c00spc300:::::::*
	cpe:2.3:h:huawei:quidway_service_process_unit_board_s9700:v200r001c00spc300:::::::*

History

No history.

Information

Published : 2013-06-20 15:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4628

Mitre link : CVE-2013-4628

CVE.ORG link : CVE-2013-4628

JSON object : View

Products Affected

huawei

quidway_service_process_unit_board_s9300
quidway_service_process_unit_board_s7700
quidway_service_process_unit_board_s9700

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-4628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-20T15:55:01.033", "references": [{"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261458.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone."}, {"lang": "es", "value": "El m\u00f3dulo del firewall en el Huawe Quidway Service Process Unit (SPU) board S770, S9300, S9700 en dispositivos Huawei Campus Switch permite a usuarios autenticados de forma remota obtener informaci\u00f3n sensible de zonas de alta prioridad de seguridad a trav\u00e9s del aprovechamiento del acceso a zonas de baja prioridad de seguridad."}], "lastModified": "2013-06-21T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:quidway_service_process_unit_board_s7700:v200r001c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "774AE3C7-D5EB-45DD-BA80-DFAC1C4CF82D"}, {"criteria": "cpe:2.3:h:huawei:quidway_service_process_unit_board_s9300:v200r001c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCFB4C83-EE13-4C20-ACA2-C3B5BF76B9B9"}, {"criteria": "cpe:2.3:h:huawei:quidway_service_process_unit_board_s9700:v200r001c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "782BF930-95FF-44DB-8187-D178E55F122A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}