Details of VAR-201610-0210

ID

VAR-201610-0210

CVE

CVE-2016-8280

TITLE

Huawei eSight Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2016-005103

DESCRIPTION

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Multiple Huawei Products are prone to an directory-traversal vulnerability. This may aid in further attacks. Huawei eSight is a new generation of overall operation and maintenance management solution for enterprise basic network, unified communication, telepresence conferencing, video surveillance and data center developed by Huawei in China. This solution supports unified monitoring and configuration management for multi-vendor and multi-type equipment, and monitors and analyzes network and service quality. There is a path traversal vulnerability in Huawei eSight V300R002C00, V300R003C10, and V300R003C20. The vulnerability is caused by the program not fully verifying the path. Remote attackers can exploit this vulnerability to download unauthorized files, resulting in information disclosure

Trust: 1.98

sources: NVD: CVE-2016-8280 // JVNDB: JVNDB-2016-005103 // BID: 93190 // VULHUB: VHN-97100

AFFECTED PRODUCTS

vendor:	huawei	model:	esight	scope:	eq	version:	v300r003c20	Trust: 1.6
vendor:	huawei	model:	esight	scope:	eq	version:	v300r002c00	Trust: 1.6
vendor:	huawei	model:	esight	scope:	eq	version:	v300r003c10	Trust: 1.6
vendor:	huawei	model:	esight	scope:	lt	version:	v300r003c20spc005	Trust: 0.8
vendor:	huawei	model:	esight v300r003c20	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	esight v300r003c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	esight v300r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	esight v300r003c20spc005	scope:	ne	version:	-	Trust: 0.3

sources: BID: 93190 // JVNDB: JVNDB-2016-005103 // CNNVD: CNNVD-201609-650 // NVD: CVE-2016-8280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8280
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8280
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201609-650
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97100
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8280
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97100
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8280
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97100 // JVNDB: JVNDB-2016-005103 // CNNVD: CNNVD-201609-650 // NVD: CVE-2016-8280

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-97100 // JVNDB: JVNDB-2016-005103 // NVD: CVE-2016-8280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-650

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201609-650

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005103

PATCH

title:	huawei-sa-20160928-01-pathtraversal	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en	Trust: 0.8
title:	Huawei eSight Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64417	Trust: 0.6

sources: JVNDB: JVNDB-2016-005103 // CNNVD: CNNVD-201609-650

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8280	Trust: 2.8
db:	BID	id:	93190	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005103	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-650	Trust: 0.7
db:	VULHUB	id:	VHN-97100	Trust: 0.1

sources: VULHUB: VHN-97100 // BID: 93190 // JVNDB: JVNDB-2016-005103 // CNNVD: CNNVD-201609-650 // NVD: CVE-2016-8280

REFERENCES

url:	http://www.securityfocus.com/bid/93190	Trust: 1.7
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160928-01-pathtraversal-en	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8280	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8280	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-en	Trust: 0.3

sources: VULHUB: VHN-97100 // BID: 93190 // JVNDB: JVNDB-2016-005103 // CNNVD: CNNVD-201609-650 // NVD: CVE-2016-8280

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93190

SOURCES

db:	VULHUB	id:	VHN-97100
db:	BID	id:	93190
db:	JVNDB	id:	JVNDB-2016-005103
db:	CNNVD	id:	CNNVD-201609-650
db:	NVD	id:	CVE-2016-8280

LAST UPDATE DATE

2025-04-13T23:41:16.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97100	date:	2016-10-04T00:00:00
db:	BID	id:	93190	date:	2016-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-005103	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201609-650	date:	2016-10-08T00:00:00
db:	NVD	id:	CVE-2016-8280	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97100	date:	2016-10-03T00:00:00
db:	BID	id:	93190	date:	2016-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-005103	date:	2016-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201609-650	date:	2016-09-29T00:00:00
db:	NVD	id:	CVE-2016-8280	date:	2016-10-03T21:59:12.723