Sign-up

ID

VAR-201703-0171


CVE

CVE-2016-2406


TITLE

Huawei Document Security Management Vulnerability in which important information is obtained in the permission control module

Trust: 0.8

sources: JVNDB: JVNDB-2016-008035

DESCRIPTION

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. Huawei Document Security Management (DSM) is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. Security vulnerabilities exist in the permission control function of Huawei DSM versions earlier than V100R002C05SPC670. A remote attacker could exploit this vulnerability to obtain sensitive information in encrypted documents

Trust: 1.71

sources: NVD: CVE-2016-2406 // JVNDB: JVNDB-2016-008035 // VULHUB: VHN-91225

AFFECTED PRODUCTS

vendor:huaweimodel:document security managementscope:lteversion:v100r002c05spc661

Trust: 1.0

vendor:huaweimodel:dsmscope:ltversion:v100r002c05spc670

Trust: 0.8

vendor:huaweimodel:document security managementscope:eqversion:v100r002c05spc661

Trust: 0.6

sources: JVNDB: JVNDB-2016-008035 // CNNVD: CNNVD-201703-901 // NVD: CVE-2016-2406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2406
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-2406
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-901
value: MEDIUM

Trust: 0.6

VULHUB: VHN-91225
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-2406
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91225
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2406
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-91225 // JVNDB: JVNDB-2016-008035 // CNNVD: CNNVD-201703-901 // NVD: CVE-2016-2406

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

sources: VULHUB: VHN-91225 // JVNDB: JVNDB-2016-008035 // NVD: CVE-2016-2406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-901

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-901

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008035

PATCH
title:huawei-sa-20160218-01-dsmurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en
Trust: 0.8
title:Huawei Document Security Management Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68653
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008035 // 
            
            
            
            CNNVD: CNNVD-201703-901

EXTERNAL IDS
db:NVDid:CVE-2016-2406
Trust: 2.5
db:JVNDBid:JVNDB-2016-008035
Trust: 0.8
db:CNNVDid:CNNVD-201703-901
Trust: 0.7
db:VULHUBid:VHN-91225
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91225 // 
            
            
            
            JVNDB: JVNDB-2016-008035 // 
            
            
            
            CNNVD: CNNVD-201703-901 // 
            
            
            
            NVD: CVE-2016-2406

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2406
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-2406
Trust: 0.8
sources:
            
            
            VULHUB: VHN-91225 // 
            
            
            
            JVNDB: JVNDB-2016-008035 // 
            
            
            
            CNNVD: CNNVD-201703-901 // 
            
            
            
            NVD: CVE-2016-2406

SOURCES
db:VULHUBid:VHN-91225
db:JVNDBid:JVNDB-2016-008035
db:CNNVDid:CNNVD-201703-901
db:NVDid:CVE-2016-2406

LAST UPDATE DATE
2025-04-20T23:22:29.981000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91225date:2017-03-23T00:00:00
db:JVNDBid:JVNDB-2016-008035date:2017-04-18T00:00:00
db:CNNVDid:CNNVD-201703-901date:2017-03-21T00:00:00
db:NVDid:CVE-2016-2406date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-91225date:2017-03-20T00:00:00
db:JVNDBid:JVNDB-2016-008035date:2017-04-18T00:00:00
db:CNNVDid:CNNVD-201703-901date:2017-03-21T00:00:00
db:NVDid:CVE-2016-2406date:2017-03-20T16:59:01.627