CVE-2017-15327

{"id": "CVE-2017-15327", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-04-11T17:29:00.147", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure."}, {"lang": "es", "value": "S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00 y V200R010C00 tienen una vulnerabilidad de autorizaci\u00f3n incorrecta en productos switch de Huawei. El sistema realiza de manera err\u00f3nea una comprobaci\u00f3n de autorizaci\u00f3n cuando un usuario normal intenta acceder a cierta informaci\u00f3n a la que se supone que solo pueden acceder los usuarios autenticados. La explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2018-05-23T14:26:57.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D81469B-EC6C-493D-B632-4DF821A1F304"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6F2C4C7-3438-42B8-8999-C17E45C8CF49"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAB5D62-CAC9-41D0-BBBC-93E22AD8EAF5"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10CBC93B-5CF6-45BF-A90A-84B7693E27FD"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4803A7-44B2-41BA-814D-151239B92CEF"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r007c20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985C07E4-1E27-4191-9FB8-4714A177479D"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD4C5CC9-FD60-4C64-8F88-CFC71BBEA663"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r008c06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A787767-F56E-4930-B366-C7E103CAC1CE"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B17A34EF-677D-4264-82FB-F7F582C9F56B"}, {"criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "933755CC-4A0B-42FB-9491-3C841059851D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "138C1E57-176C-46B1-9704-D9C8391CC802"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F49D3EAD-1EB3-4C62-80BA-4C9C3CE0408C"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r001c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65902ABB-3EF2-4C8B-BAC1-84BC585019BA"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D75B012-A57D-4C6D-AB26-51D2ECC02F35"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1DFF0C0-AA17-4AA1-A418-4759D1A58852"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D84F05D5-BA7D-485B-91C2-273349335CFB"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF3FB3CC-2EAC-4A08-BDDC-DCACEE9FA2AE"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345DA517-033D-4C94-A7F2-77C047309E2A"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2377CD30-6F57-46CB-9DD1-E29458A7D928"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55C2AC7-FF47-4160-B524-E3E6C54612E1"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D79CD09-3414-4105-AD59-F3D1BAC61B7E"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r008c06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6712B77-1268-4A5A-B383-E51D9D51F108"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2A3C92-C5C6-4BE6-A9F6-21C28D68C080"}, {"criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37E3F87E-EA36-41ED-8793-F6C166FFC4A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8769C2C4-E333-432B-8943-CFDFAE013379"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B1F0B3D-1923-42C3-A3DB-03D11BE059D9"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r001c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "032E5E4D-B1B8-4659-8B62-3DC237234501"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB6ED15-477B-4BB5-AA94-0D7897FBD962"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AD9ACA-E0C3-4096-BE50-94E717CDA318"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "325D6523-A07A-48D4-AD44-CF838BD77432"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC7E622-010C-4C5D-8AA6-D4793AFCE0E0"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r006c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "702A6BB8-B9D5-4160-94C9-12CF35485FC9"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D78DAB13-32AA-4813-AB0A-0EA870F41183"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38515A04-EC21-40B3-A29C-8D0A5883EA4A"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36AB80F7-1BD2-4169-AC70-708CE84BB15C"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A0EC8F-6A8A-487F-A92A-789E3789788F"}, {"criteria": "cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C6DC309-2FC6-4014-9C2B-8EE12C7BB08F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75FAA4BF-1ED0-4059-ADA1-071AF1BF2882"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}