Details of VAR-201412-0644

ID

VAR-201412-0644

TITLE

Huawei Tecal E9000 Chassis IPMICommand Handling Privilege Escalation Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-09226 // BID: 71786

DESCRIPTION

The Tecal E9000 Converged Architecture Blade Server is a new generation of powerful infrastructure platform from Huawei. Huawei Tecal E9000 Chassis is a blade server from China's Huawei. An elevation of privilege vulnerability exists in Huawei Tecal E9000 Chassis. An attacker could use this vulnerability to bypass security restrictions and gain elevated permissions on the affected system

Trust: 1.35

sources: CNVD: CNVD-2014-09226 // CNNVD: CNNVD-201412-525 // BID: 71786

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-09226

AFFECTED PRODUCTS

vendor:	huawei	model:	tecal e9000 chassis	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	tecal e9000 chassis v100r001c00spc160	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	tecal e9000 chassis v100r001c00spc180	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-09226 // BID: 71786

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-09226
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-09226
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-09226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-525

TYPE

Design Error

Trust: 0.3

sources: BID: 71786

PATCH

title:

Huawei Tecal E9000 Chassis IPMICommand Patch for Handling Privilege Escalation Vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/53400

Trust: 0.6

sources: CNVD: CNVD-2014-09226

EXTERNAL IDS

db:	BID	id:	71786	Trust: 1.5
db:	CNVD	id:	CNVD-2014-09226	Trust: 0.6
db:	CNNVD	id:	CNNVD-201412-525	Trust: 0.6

sources: CNVD: CNVD-2014-09226 // BID: 71786 // CNNVD: CNNVD-201412-525

REFERENCES

url:	http://www.securityfocus.com/bid/71786	Trust: 1.2
url:	http://www.huawei.com/	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-408117.htm	Trust: 0.3

sources: CNVD: CNVD-2014-09226 // BID: 71786 // CNNVD: CNNVD-201412-525

CREDITS

Trust: 0.6

sources: CNNVD: CNNVD-201412-525

SOURCES

db:	CNVD	id:	CNVD-2014-09226
db:	BID	id:	71786
db:	CNNVD	id:	CNNVD-201412-525

LAST UPDATE DATE

2022-05-17T02:07:09.502000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-09226	date:	2014-12-30T00:00:00
db:	BID	id:	71786	date:	2014-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201412-525	date:	2014-12-29T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-09226	date:	2014-12-30T00:00:00
db:	BID	id:	71786	date:	2014-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201412-525	date:	2014-12-29T00:00:00