Sign-up

ID

VAR-201704-0113


CVE

CVE-2016-2404


TITLE

plural Huawei Vulnerability related to authorization, authority, and access control in switch software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008262

DESCRIPTION

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation. plural Huawei The switch software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Huawei S5700 and others are all enterprise-level switches of China's Huawei (Huawei). Attackers can exploit this vulnerability to gain access to VTY (virtual type terminal). The following products and versions are affected: Huawei S5700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version, V200R005C00SPC500 Version, V200R006C00 Version; S6700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version, V200R005C00SPC500 Version, V200R006C00 Version; S7700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version, V200R005C00SPC500 Version, V200R006C00 Version; S9700 V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version, V200R005C00SPC500 Version, V200R006C00 Version; S12700 V200R005C00SPC500 Version, V200R006C00 Version; ACU2 V200R005C00SPC500 Version, V200R006C00 Version

Trust: 1.71

sources: NVD: CVE-2016-2404 // JVNDB: JVNDB-2016-008262 // VULHUB: VHN-91223

AFFECTED PRODUCTS

vendor:huaweimodel:acu2scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r003c00spc300

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r001c00spc300

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r005c00spc500

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r002c00spc100

Trust: 1.6

vendor:huaweimodel:acu2scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s6700scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r005c00spc500

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r002c00spc100

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r002c00spc100

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r002c00spc100

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r003c00spc300

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r006c00

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r005c00spc500

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r001c00spc300

Trust: 1.0

vendor:huaweimodel:acu2scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2016-008262 // NVD: CVE-2016-2404 // CNNVD: CNNVD-201704-193

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-2404
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201704-193
value: MEDIUM

Trust: 0.6

VULHUB: VHN-91223
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-2404
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-91223
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-2404
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-91223 // JVNDB: JVNDB-2016-008262 // NVD: CVE-2016-2404 // CNNVD: CNNVD-201704-193

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-91223 // JVNDB: JVNDB-2016-008262 // NVD: CVE-2016-2404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-193

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-193

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-2404

PATCH
title:huawei-sa-20160217-01-switchurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en
Trust: 0.8
title:Various Huawei patch permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69041
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008262 // 
            
            
            
            CNNVD: CNNVD-201704-193

EXTERNAL IDS
db:NVDid:CVE-2016-2404
Trust: 2.5
db:JVNDBid:JVNDB-2016-008262
Trust: 0.8
db:CNNVDid:CNNVD-201704-193
Trust: 0.7
db:VULHUBid:VHN-91223
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91223 // 
            
            
            
            JVNDB: JVNDB-2016-008262 // 
            
            
            
            NVD: CVE-2016-2404 // 
            
            
            
            CNNVD: CNNVD-201704-193

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2404
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-2404
Trust: 0.8
sources:
            
            
            VULHUB: VHN-91223 // 
            
            
            
            JVNDB: JVNDB-2016-008262 // 
            
            
            
            NVD: CVE-2016-2404 // 
            
            
            
            CNNVD: CNNVD-201704-193

SOURCES
db:VULHUBid:VHN-91223
db:JVNDBid:JVNDB-2016-008262
db:NVDid:CVE-2016-2404
db:CNNVDid:CNNVD-201704-193

LAST UPDATE DATE
2023-12-18T13:03:08.931000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91223date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2016-008262date:2017-05-09T00:00:00
db:NVDid:CVE-2016-2404date:2017-04-11T01:11:21.077
db:CNNVDid:CNNVD-201704-193date:2017-04-07T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-91223date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2016-008262date:2017-05-09T00:00:00
db:NVDid:CVE-2016-2404date:2017-04-02T20:59:00.860
db:CNNVDid:CNNVD-201704-193date:2017-04-07T00:00:00