Details of VAR-201312-0526

ID

VAR-201312-0526

TITLE

Huawei CloudEngine Series Routers Have Multiple Security Bypass Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2014-00061

DESCRIPTION

The CloudEngine series is Huawei's \"cloud\" high-performance switch for next-generation data centers and high-end campuses. If an attacker has a low-privileged user name and password and is able to log in to the affected device, they can exploit these vulnerabilities to bypass server authentication checks, escalate user privileges, and execute arbitrary commands. Huawei CloudEngine Series Switches are the CloudEngine series switches of Huawei. A security bypass vulnerability exists in Huawei CloudEngine series switches. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations

Trust: 1.35

sources: CNVD: CNVD-2014-00061 // CNNVD: CNNVD-201401-413 // BID: 64634

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00061

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine series switches ce12800	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	cloudengine series switches ce5800	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	cloudengine series switches ce6800	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ce6800 v100r001c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5800 v100r001c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r001c01spc100	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r001c00spc200	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ce6800 v100r002c00spc200	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce6800 v100r001sph001	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5800 v100r002c00spc200	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce5800 v100r001sph001	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r002c00spc200	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	ce12800 v100r001sph001	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-00061 // BID: 64634

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-00061
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-00061
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00061

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-413

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-413

PATCH

title:

Huawei CloudEngine series routers have multiple patches for security bypassing vulnerabilities.

url:

https://www.cnvd.org.cn/patchinfo/show/42131

Trust: 0.6

sources: CNVD: CNVD-2014-00061

EXTERNAL IDS

db:	BID	id:	64634	Trust: 1.5
db:	SECUNIA	id:	56184	Trust: 0.6
db:	CNVD	id:	CNVD-2014-00061	Trust: 0.6
db:	CNNVD	id:	CNNVD-201401-413	Trust: 0.6

sources: CNVD: CNVD-2014-00061 // BID: 64634 // CNNVD: CNNVD-201401-413

REFERENCES

url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-323610.htm	Trust: 0.9
url:	http://secunia.com/advisories/56184/	Trust: 0.6
url:	http://www.securityfocus.com/bid/64634	Trust: 0.6
url:	http://enterprise.huawei.com/en/products/network/switch/data-center-switch/hw-141145.htm	Trust: 0.3

sources: CNVD: CNVD-2014-00061 // BID: 64634 // CNNVD: CNNVD-201401-413

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 64634

SOURCES

db:	CNVD	id:	CNVD-2014-00061
db:	BID	id:	64634
db:	CNNVD	id:	CNNVD-201401-413

LAST UPDATE DATE

2022-05-17T01:53:12.622000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00061	date:	2014-01-06T00:00:00
db:	BID	id:	64634	date:	2013-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201401-413	date:	2014-01-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00061	date:	2014-01-06T00:00:00
db:	BID	id:	64634	date:	2013-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201401-413	date:	2013-12-28T00:00:00