ID

VAR-201601-0426


CVE

CVE-2015-8331


TITLE

Huawei VCN500 Software Operation and Maintenance Unit Vulnerable to replay attacks

Trust: 0.8

sources: JVNDB: JVNDB-2015-006729

DESCRIPTION

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. Huawei VCN500 is an integrated intelligent video surveillance product from Huawei of China. Huawei VCN500 has a replay vulnerability that allows remote attackers to submit special requests to gain unauthorized access to the system. Huawei VCN500 is prone to a security-bypass vulnerability. Huawei VCN500 V100R002C00SPC200B010 is vulnerable. The Operation and Maintenance Unit (OMU) is one of the communication units used to control the BSC and monitor the operation of the BTS and TC. There is a security vulnerability in the Operation and Maintenance Unit (OMU) of Huawei VCN500 running software versions earlier than V100R002C00SPC200B010. The vulnerability is caused by the program not invalidating the session ID when the user logs out abnormally.

Trust: 2.61

sources: NVD: CVE-2015-8331 // JVNDB: JVNDB-2015-006729 // CNVD: CNVD-2015-08196 // BID: 78044 // VULHUB: VHN-86292 // VULMON: CVE-2015-8331

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08196

AFFECTED PRODUCTS

vendor: huawei, model: vcn500, scope: eq, version: v100r002c00spc200b010

Trust: 1.6

vendor: huawei, model: vcn500, scope: -, version: -

Trust: 1.4

vendor: huawei, model: vcn500, scope: lt, version: v100r002c00spc200

Trust: 0.8

vendor: huawei, model: vcn500 v100r002c00spc200b01, scope: -, version: -

Trust: 0.3

vendor: huawei, model: vcn500 v100r002c00spc200, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2015-08196 // BID: 78044 // JVNDB: JVNDB-2015-006729 // CNNVD: CNNVD-201512-203 // NVD: CVE-2015-8331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8331
value: HIGH

Trust: 1.0

NVD: CVE-2015-8331
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08196
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-203
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86292
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-8331
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8331
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08196
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86292
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8331
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08196 // VULHUB: VHN-86292 // VULMON: CVE-2015-8331 // JVNDB: JVNDB-2015-006729 // CNNVD: CNNVD-201512-203 // NVD: CVE-2015-8331

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-86292 // JVNDB: JVNDB-2015-006729 // NVD: CVE-2015-8331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-203

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-203

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006729

PATCH

title: Huawei-SA-20151126-01-VCN500
url: http://www.huawei.com/en/psirt/security-advisories/hw-463067

Trust: 0.8

title: Huawei VCN500 security bypass vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/68322

Trust: 0.6

title: Huawei VCN500 Operation and Maintenance Unit Enter the fix for the verification vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59047

Trust: 0.6

sources: CNVD: CNVD-2015-08196 // JVNDB: JVNDB-2015-006729 // CNNVD: CNNVD-201512-203

EXTERNAL IDS

db: NVD, id: CVE-2015-8331

Trust: 3.5

db: BID, id: 78044

Trust: 1.7

db: JVNDB, id: JVNDB-2015-006729

Trust: 0.8

db: CNNVD, id: CNNVD-201512-203

Trust: 0.7

db: CNVD, id: CNVD-2015-08196

Trust: 0.6

db: VULHUB, id: VHN-86292

Trust: 0.1

db: VULMON, id: CVE-2015-8331

Trust: 0.1

sources: CNVD: CNVD-2015-08196 // VULHUB: VHN-86292 // VULMON: CVE-2015-8331 // BID: 78044 // JVNDB: JVNDB-2015-006729 // CNNVD: CNNVD-201512-203 // NVD: CVE-2015-8331

REFERENCES

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm

Trust: 1.8

url:http://www.securityfocus.com/bid/78044

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8331

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8331

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463067.htm

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2015-08196 // VULHUB: VHN-86292 // VULMON: CVE-2015-8331 // BID: 78044 // JVNDB: JVNDB-2015-006729 // CNNVD: CNNVD-201512-203 // NVD: CVE-2015-8331

CREDITS

Huawei

Trust: 0.9

sources: BID: 78044 // CNNVD: CNNVD-201512-203

SOURCES

db: CNVD, id: CNVD-2015-08196
db: VULHUB, id: VHN-86292
db: VULMON, id: CVE-2015-8331
db: BID, id: 78044
db: JVNDB, id: JVNDB-2015-006729
db: CNNVD, id: CNNVD-201512-203
db: NVD, id: CVE-2015-8331

LAST UPDATE DATE

2025-04-12T23:30:39.552000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-08196, date: 2015-12-15T00:00:00
db: VULHUB, id: VHN-86292, date: 2016-01-11T00:00:00
db: VULMON, id: CVE-2015-8331, date: 2016-01-11T00:00:00
db: BID, id: 78044, date: 2015-11-26T00:00:00
db: JVNDB, id: JVNDB-2015-006729, date: 2016-01-13T00:00:00
db: CNNVD, id: CNNVD-201512-203, date: 2016-01-12T00:00:00
db: NVD, id: CVE-2015-8331, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-08196, date: 2015-12-15T00:00:00
db: VULHUB, id: VHN-86292, date: 2016-01-11T00:00:00
db: VULMON, id: CVE-2015-8331, date: 2016-01-11T00:00:00
db: BID, id: 78044, date: 2015-11-26T00:00:00
db: JVNDB, id: JVNDB-2015-006729, date: 2016-01-13T00:00:00
db: CNNVD, id: CNNVD-201512-203, date: 2015-11-26T00:00:00
db: NVD, id: CVE-2015-8331, date: 2016-01-11T15:59:04.543