Sign-up

ID

VAR-201609-0562


CVE

CVE-2016-6900


TITLE

plural Huawei Product Intelligent Baseboard Management Controller Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004566

DESCRIPTION

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. plural Huawei Product Intelligent Baseboard Management Controller (iBMC) The denial of service (iBMC Resource consumption ) There is a vulnerability that can be exploited.Denial of service by local user (iBMC Resource consumption ) May be in a state. Multiple Huawei Servers are prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. Intelligent Baseboard Management Controller (iBMC) is one of the software used to manage the server control unit. There are resource management vulnerabilities in the iBMC of various Huawei servers. The following products and versions are affected: Huawei RH1288 V3 V100R003C00SPC613 previous version, RH2288 V3 V100R003C00SPC617 previous version, RH2288H V3 V100R003C00SPC515 previous version, RH5885 V3 V100R003C10SPC102 previous version, XH620 V3 , XH622 V3 , XH628 V3 V100R003C00SPC610 previous version

Trust: 1.98

sources: NVD: CVE-2016-6900 // JVNDB: JVNDB-2016-004566 // BID: 92909 // VULHUB: VHN-95720

AFFECTED PRODUCTS

vendor:huaweimodel:xh628 v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:rh5885 v3 serverscope:eqversion:v100r003c01

Trust: 1.6

vendor:huaweimodel:rh2288 v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:xh622 v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:rh1288 v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:rh2288h v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:xh620 v3 serverscope:eqversion:v100r003c00

Trust: 1.6

vendor:huaweimodel:rh1288 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:rh1288 v3scope:ltversion:v100r003c00spc613

Trust: 0.8

vendor:huaweimodel:rh2288 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:rh2288 v3scope:ltversion:v100r003c00spc617

Trust: 0.8

vendor:huaweimodel:rh2288h v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:rh2288h v3scope:ltversion:v100r003c00spc515

Trust: 0.8

vendor:huaweimodel:rh5885 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:rh5885 v3scope:ltversion:v100r003c10spc102

Trust: 0.8

vendor:huaweimodel:xh620 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:xh620 v3scope:ltversion:v100r003c00spc610

Trust: 0.8

vendor:huaweimodel:xh622 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:xh622 v3scope:ltversion:v100r003c00spc610

Trust: 0.8

vendor:huaweimodel:xh628 v3scope: - version: -

Trust: 0.8

vendor:huaweimodel:xh628 v3scope:ltversion:v100r003c00spc610

Trust: 0.8

vendor:huaweimodel:xh628 v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:xh622 v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:xh620 v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:rh5885 v100r003c01scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:rh2288h v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:rh2288 v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:rh1288 v100r003c00scope:eqversion:v3

Trust: 0.3

vendor:huaweimodel:xh628 v100r003c00spc610scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:xh622 v100r003c00spc610scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:xh620 v100r003c00spc610scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:rh5885 v100r003c10spc102scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:rh2288h v100r003c00spc515scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:rh2288 v100r003c00spc617scope:neversion:v3

Trust: 0.3

vendor:huaweimodel:rh1288 v100r003c00spc613scope:neversion:v3

Trust: 0.3

sources: BID: 92909 // JVNDB: JVNDB-2016-004566 // CNNVD: CNNVD-201609-104 // NVD: CVE-2016-6900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6900
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6900
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-104
value: LOW

Trust: 0.6

VULHUB: VHN-95720
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-6900
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95720
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6900
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95720 // JVNDB: JVNDB-2016-004566 // CNNVD: CNNVD-201609-104 // NVD: CVE-2016-6900

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-95720 // JVNDB: JVNDB-2016-004566 // NVD: CVE-2016-6900

THREAT TYPE

local

Trust: 0.9

sources: BID: 92909 // CNNVD: CNNVD-201609-104

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201609-104

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004566

PATCH
title:huawei-sa-20160824-01-serverurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en
Trust: 0.8
title:Multiple Huawei server Intelligent Baseboard Management Controller Remediation measures for resource management vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63927
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004566 // 
            
            
            
            CNNVD: CNNVD-201609-104

EXTERNAL IDS
db:NVDid:CVE-2016-6900
Trust: 2.8
db:JVNDBid:JVNDB-2016-004566
Trust: 0.8
db:CNNVDid:CNNVD-201609-104
Trust: 0.7
db:BIDid:92909
Trust: 0.4
db:VULHUBid:VHN-95720
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95720 // 
            
            
            
            BID: 92909 // 
            
            
            
            JVNDB: JVNDB-2016-004566 // 
            
            
            
            CNNVD: CNNVD-201609-104 // 
            
            
            
            NVD: CVE-2016-6900

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6900
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6900
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95720 // 
            
            
            
            BID: 92909 // 
            
            
            
            JVNDB: JVNDB-2016-004566 // 
            
            
            
            CNNVD: CNNVD-201609-104 // 
            
            
            
            NVD: CVE-2016-6900

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 92909

SOURCES
db:VULHUBid:VHN-95720
db:BIDid:92909
db:JVNDBid:JVNDB-2016-004566
db:CNNVDid:CNNVD-201609-104
db:NVDid:CVE-2016-6900

LAST UPDATE DATE
2025-04-13T23:36:24.139000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95720date:2016-09-08T00:00:00
db:BIDid:92909date:2016-08-24T00:00:00
db:JVNDBid:JVNDB-2016-004566date:2016-09-09T00:00:00
db:CNNVDid:CNNVD-201609-104date:2016-09-08T00:00:00
db:NVDid:CVE-2016-6900date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-95720date:2016-09-07T00:00:00
db:BIDid:92909date:2016-08-24T00:00:00
db:JVNDBid:JVNDB-2016-004566date:2016-09-09T00:00:00
db:CNNVDid:CNNVD-201609-104date:2016-09-08T00:00:00
db:NVDid:CVE-2016-6900date:2016-09-07T19:28:21.740