Details of VAR-201606-0056

ID

VAR-201606-0056

CVE

CVE-2016-5723

TITLE

Huawei FusionInsight HD In root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003329

DESCRIPTION

Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. Huawei FusionInsight HD is prone to a local privilege-escalation vulnerability. Huawei FusionInsight HD versions V100R002C30 and V100R002C50 are vulnerable. Huawei FusionInsight is an enterprise-level big data platform developed by China's Huawei (Huawei) for multiple industries and based on Apache open source community software for enhanced functions. The platform provides functions such as data storage, query and analysis. FusionInsight HD is one of the core components of the data engine

Trust: 1.98

sources: NVD: CVE-2016-5723 // JVNDB: JVNDB-2016-003329 // BID: 91470 // VULHUB: VHN-94542

AFFECTED PRODUCTS

vendor:	huawei	model:	fusioninsight hd	scope:	eq	version:	v100r002c50	Trust: 1.6
vendor:	huawei	model:	fusioninsight hd	scope:	eq	version:	v100r002c30	Trust: 1.6
vendor:	huawei	model:	fusioninsight hd	scope:	lt	version:	v100r002c60spc200	Trust: 0.8

sources: JVNDB: JVNDB-2016-003329 // NVD: CVE-2016-5723 // CNNVD: CNNVD-201606-577

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-5723
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201606-577
value:	HIGH
Trust: 0.6
VULHUB:	VHN-94542
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	TRUE
obtainAllPrivilege:	TRUE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-5723
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-94542
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-5723
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-94542 // JVNDB: JVNDB-2016-003329 // NVD: CVE-2016-5723 // CNNVD: CNNVD-201606-577

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-94542 // JVNDB: JVNDB-2016-003329 // NVD: CVE-2016-5723

THREAT TYPE

local

Trust: 0.9

sources: BID: 91470 // CNNVD: CNNVD-201606-577

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-577

CONFIGURATIONS

sources: NVD: CVE-2016-5723

PATCH

title:	huawei-sa-20160617-01-fusioninsight	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160617-01-fusioninsight-en	Trust: 0.8
title:	Huawei FusionInsight Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62493	Trust: 0.6

sources: JVNDB: JVNDB-2016-003329 // CNNVD: CNNVD-201606-577

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5723	Trust: 2.8
db:	JVNDB	id:	JVNDB-2016-003329	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-577	Trust: 0.7
db:	BID	id:	91470	Trust: 0.3
db:	VULHUB	id:	VHN-94542	Trust: 0.1

sources: VULHUB: VHN-94542 // BID: 91470 // JVNDB: JVNDB-2016-003329 // NVD: CVE-2016-5723 // CNNVD: CNNVD-201606-577

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160617-01-fusioninsight-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5723	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5723	Trust: 0.8

sources: VULHUB: VHN-94542 // JVNDB: JVNDB-2016-003329 // NVD: CVE-2016-5723 // CNNVD: CNNVD-201606-577

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 91470

SOURCES

db:	VULHUB	id:	VHN-94542
db:	BID	id:	91470
db:	JVNDB	id:	JVNDB-2016-003329
db:	NVD	id:	CVE-2016-5723
db:	CNNVD	id:	CNNVD-201606-577

LAST UPDATE DATE

2023-12-18T12:05:54.387000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94542	date:	2016-06-27T00:00:00
db:	BID	id:	91470	date:	2016-07-06T15:06:00
db:	JVNDB	id:	JVNDB-2016-003329	date:	2016-06-28T00:00:00
db:	NVD	id:	CVE-2016-5723	date:	2016-06-27T18:44:11.227
db:	CNNVD	id:	CNNVD-201606-577	date:	2016-06-27T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94542	date:	2016-06-24T00:00:00
db:	BID	id:	91470	date:	2016-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-003329	date:	2016-06-28T00:00:00
db:	NVD	id:	CVE-2016-5723	date:	2016-06-24T17:59:05.660
db:	CNNVD	id:	CNNVD-201606-577	date:	2016-06-27T00:00:00