ID

VAR-201609-0560


CVE

CVE-2016-6898


TITLE

XML external entity vulnerability in the Hyper Management Module of Huawei E9000 rack server software

Trust: 0.8

sources: JVNDB: JVNDB-2016-004564

DESCRIPTION

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. Huawei E9000 Chassis is a blade server from the Chinese company Huawei. An XML external entity injection vulnerability exists in Huawei E9000 Chassis version V100R001C00. An attacker could exploit the vulnerability to obtain sensitive information and may also cause a denial of service. Failed attacks may cause a denial-of-service condition.

Trust: 2.52

sources: NVD: CVE-2016-6898 // JVNDB: JVNDB-2016-004564 // CNVD: CNVD-2016-06760 // BID: 92620 // VULHUB: VHN-95718

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06760

AFFECTED PRODUCTS

vendor: huawei, model: e9000 chassis, scope: lte, version: v100r001c00

Trust: 1.0

vendor: huawei, model: e9000 chassis, scope: lt, version: v100r001c00spc296

Trust: 0.8

vendor: huawei, model: e9000 chassis 100r001c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: e9000 chassis, scope: eq, version: v100r001c00

Trust: 0.6

vendor: huawei, model: e9000 chassis v100r001c00, scope: -, version: -

Trust: 0.3

vendor: huawei, model: e9000 chassis v100r001c00spc296, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2016-06760 // BID: 92620 // JVNDB: JVNDB-2016-004564 // CNNVD: CNNVD-201608-453 // NVD: CVE-2016-6898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6898
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6898
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-06760
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201608-453
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95718
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6898
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-06760
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95718
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6898
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06760 // VULHUB: VHN-95718 // JVNDB: JVNDB-2016-004564 // CNNVD: CNNVD-201608-453 // NVD: CVE-2016-6898

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-95718 // JVNDB: JVNDB-2016-004564 // NVD: CVE-2016-6898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-453

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201608-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004564

PATCH

title: huawei-sa-20160824-01-e9000, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

Trust: 0.8

title: Huawei E9000 Chassis XML external entity injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/80767

Trust: 0.6

title: Huawei E9000 Chassis XML Fixes for external entity injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63776

Trust: 0.6

sources: CNVD: CNVD-2016-06760 // JVNDB: JVNDB-2016-004564 // CNNVD: CNNVD-201608-453

EXTERNAL IDS

db: NVD, id: CVE-2016-6898

Trust: 3.4

db: BID, id: 92620

Trust: 2.6

db: JVNDB, id: JVNDB-2016-004564

Trust: 0.8

db: CNNVD, id: CNNVD-201608-453

Trust: 0.7

db: CNVD, id: CNVD-2016-06760

Trust: 0.6

db: VULHUB, id: VHN-95718

Trust: 0.1

sources: CNVD: CNVD-2016-06760 // VULHUB: VHN-95718 // BID: 92620 // JVNDB: JVNDB-2016-004564 // CNNVD: CNNVD-201608-453 // NVD: CVE-2016-6898

REFERENCES

url:http://www.securityfocus.com/bid/92620

Trust: 2.3

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6898

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6898

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-e9000-en

Trust: 0.3

sources: CNVD: CNVD-2016-06760 // VULHUB: VHN-95718 // BID: 92620 // JVNDB: JVNDB-2016-004564 // CNNVD: CNNVD-201608-453 // NVD: CVE-2016-6898

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92620

SOURCES

db: CNVD, id: CNVD-2016-06760
db: VULHUB, id: VHN-95718
db: BID, id: 92620
db: JVNDB, id: JVNDB-2016-004564
db: CNNVD, id: CNNVD-201608-453
db: NVD, id: CVE-2016-6898

LAST UPDATE DATE

2025-04-13T23:27:24.454000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-06760, date: 2016-08-26T00:00:00
db: VULHUB, id: VHN-95718, date: 2016-09-08T00:00:00
db: BID, id: 92620, date: 2016-08-24T00:00:00
db: JVNDB, id: JVNDB-2016-004564, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-453, date: 2016-09-08T00:00:00
db: NVD, id: CVE-2016-6898, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-06760, date: 2016-08-26T00:00:00
db: VULHUB, id: VHN-95718, date: 2016-09-07T00:00:00
db: BID, id: 92620, date: 2016-08-24T00:00:00
db: JVNDB, id: JVNDB-2016-004564, date: 2016-09-09T00:00:00
db: CNNVD, id: CNNVD-201608-453, date: 2016-08-25T00:00:00
db: NVD, id: CVE-2016-6898, date: 2016-09-07T19:28:19.363