Vulnerabilites related to huawei - ibmc
cve-2017-17323
Vulnerability from cvelistv5
Published
2018-03-09 17:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | iBMC |
Version: V200R002C10 Version: V200R002C20 Version: V200R002C30 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:30.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iBMC",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R002C10"
},
{
"status": "affected",
"version": "V200R002C20"
},
{
"status": "affected",
"version": "V200R002C30"
}
]
}
],
"datePublic": "2018-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iBMC",
"version": {
"version_data": [
{
"version_value": "V200R002C10"
},
{
"version_value": "V200R002C20"
},
{
"version_value": "V200R002C30"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17323",
"datePublished": "2018-03-09T17:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:51:30.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201803-0201
Vulnerability from variot
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. Huawei iBMC Contains an authorization vulnerability.Information may be obtained. Huawei iBMC is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Huawei iBMC is a server embedded intelligent management system developed by China Huawei (Huawei). The system has the functions of remote operation and maintenance, fault diagnosis, intelligent management and standardized interface management. There are security vulnerabilities in Huawei iBMC V200R002C10, V200R002C20, and V200R002C30
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ibmc",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r002c10"
},
{
"model": "ibmc",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r002c20"
},
{
"model": "ibmc",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r002c30"
},
{
"model": "ibmc",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ibmc v200r002c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ibmc v200r002c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ibmc v200r002c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ibmc v200r002c50spc100",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "103416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:ibmc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "103416"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-17323",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-108334",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17323",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17323",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17323",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-292",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108334",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. Huawei iBMC Contains an authorization vulnerability.Information may be obtained. Huawei iBMC is prone to an authorization-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Huawei iBMC is a server embedded intelligent management system developed by China Huawei (Huawei). The system has the functions of remote operation and maintenance, fault diagnosis, intelligent management and standardized interface management. There are security vulnerabilities in Huawei iBMC V200R002C10, V200R002C20, and V200R002C30",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17323"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "BID",
"id": "103416"
},
{
"db": "VULHUB",
"id": "VHN-108334"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17323",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292",
"trust": 0.7
},
{
"db": "BID",
"id": "103416",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-108334",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108334"
},
{
"db": "BID",
"id": "103416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"id": "VAR-201803-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108334"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:48:46.150000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180131-01-ibmc",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
},
{
"title": "Huawei iBMC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79014"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-285",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17323"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17323"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108334"
},
{
"db": "BID",
"id": "103416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-108334"
},
{
"db": "BID",
"id": "103416"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-108334"
},
{
"date": "2018-01-31T00:00:00",
"db": "BID",
"id": "103416"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"date": "2018-03-09T17:29:01.987000",
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108334"
},
{
"date": "2018-01-31T00:00:00",
"db": "BID",
"id": "103416"
},
{
"date": "2018-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012830"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-292"
},
{
"date": "2024-11-21T03:17:50.227000",
"db": "NVD",
"id": "CVE-2017-17323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei iBMC Vulnerabilities in authorization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012830"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-292"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2018-03-09 17:29
Modified
2024-11-21 03:17
Severity ?
Summary
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | ibmc_firmware | v200r002c10 | |
| huawei | ibmc_firmware | v200r002c20 | |
| huawei | ibmc_firmware | v200r002c30 | |
| huawei | ibmc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ibmc_firmware:v200r002c10:*:*:*:*:*:*:*",
"matchCriteriaId": "99103586-1B75-414F-836B-BEFB99F0E2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ibmc_firmware:v200r002c20:*:*:*:*:*:*:*",
"matchCriteriaId": "1D45CCA3-AF5E-4176-881D-3DFFC7EF7138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ibmc_firmware:v200r002c30:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC7A4CF-20AF-4A2B-8B83-0FF661479F5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ibmc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D24EE92-DD14-4263-9E90-A6546F7603BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
},
{
"lang": "es",
"value": "Huawei iBMC V200R002C10; V200R002C20 y V200R002C30 tiene una vulnerabilidad de autorizaci\u00f3n incorrecta. El software realiza de manera err\u00f3nea una comprobaci\u00f3n de autorizaci\u00f3n cuando un usuario normal intenta acceder a cierta informaci\u00f3n a la que se supone que solo pueden acceder los usuarios admin. La explotaci\u00f3n con \u00e9xito podr\u00eda resultar en una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2017-17323",
"lastModified": "2024-11-21T03:17:50.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-09T17:29:01.987",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}