Details of VAR-201704-0173

ID

VAR-201704-0173

CVE

CVE-2015-8670

TITLE

Huawei LogCenter Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007454

DESCRIPTION

Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. Huawei LogCenter Contains an input validation vulnerability.Service operation interruption (DoS) An attack may be carried out. Huawei LogCenter is a log management software from China Huawei. A denial of service vulnerability exists in Huawei's LogCenter V100R001C10 version. The vulnerability stems from the lack of legality checking of incoming device information data. There is a denial-of-service vulnerability in Huawei LogCenter V100R001C10

Trust: 2.25

sources: NVD: CVE-2015-8670 // JVNDB: JVNDB-2015-007454 // CNVD: CNVD-2017-04641 // VULHUB: VHN-86631

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04641

AFFECTED PRODUCTS

vendor:	huawei	model:	logcenter	scope:	eq	version:	v100r001c10	Trust: 2.4
vendor:	huawei	model:	logcenter v100r001c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-04641 // JVNDB: JVNDB-2015-007454 // CNNVD: CNNVD-201704-195 // NVD: CVE-2015-8670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8670
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-8670
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-04641
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-195
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-86631
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-8670
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04641
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-86631
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8670
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04641 // VULHUB: VHN-86631 // JVNDB: JVNDB-2015-007454 // CNNVD: CNNVD-201704-195 // NVD: CVE-2015-8670

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-86631 // JVNDB: JVNDB-2015-007454 // NVD: CVE-2015-8670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-195

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007454

PATCH

title:	Huawei-SA-20151202-02-LogCenter	url:	http://www.huawei.com/en/psirt/security-advisories/hw-464247	Trust: 0.8
title:	Huawei LogCenter denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/91955	Trust: 0.6
title:	Huawei LogCenter Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69043	Trust: 0.6

sources: CNVD: CNVD-2017-04641 // JVNDB: JVNDB-2015-007454 // CNNVD: CNNVD-201704-195

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8670	Trust: 3.1
db:	JVNDB	id:	JVNDB-2015-007454	Trust: 0.8
db:	CNVD	id:	CNVD-2017-04641	Trust: 0.6
db:	CNNVD	id:	CNNVD-201704-195	Trust: 0.6
db:	VULHUB	id:	VHN-86631	Trust: 0.1

sources: CNVD: CNVD-2017-04641 // VULHUB: VHN-86631 // JVNDB: JVNDB-2015-007454 // CNNVD: CNNVD-201704-195 // NVD: CVE-2015-8670

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-464247	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8670	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8670	Trust: 0.8

sources: CNVD: CNVD-2017-04641 // VULHUB: VHN-86631 // JVNDB: JVNDB-2015-007454 // CNNVD: CNNVD-201704-195 // NVD: CVE-2015-8670

SOURCES

db:	CNVD	id:	CNVD-2017-04641
db:	VULHUB	id:	VHN-86631
db:	JVNDB	id:	JVNDB-2015-007454
db:	CNNVD	id:	CNNVD-201704-195
db:	NVD	id:	CVE-2015-8670

LAST UPDATE DATE

2025-04-20T23:37:57.651000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04641	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-86631	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-007454	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-195	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2015-8670	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04641	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-86631	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-007454	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-195	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2015-8670	date:	2017-04-02T20:59:00.813