Sign-up

ID

VAR-201704-0174


CVE

CVE-2015-8671


TITLE

Huawei LogCenter Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2015-007455

DESCRIPTION

Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. Huawei LogCenter Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Huawei LogCenter is a set of log management software developed by Huawei in China. A privilege escalation vulnerability exists in Huawei LogCenter V100R001C10

Trust: 1.71

sources: NVD: CVE-2015-8671 // JVNDB: JVNDB-2015-007455 // VULHUB: VHN-86632

AFFECTED PRODUCTS

vendor:huaweimodel:logcenterscope:eqversion:v100r001c10

Trust: 2.4

sources: JVNDB: JVNDB-2015-007455 // NVD: CVE-2015-8671 // CNNVD: CNNVD-201704-194

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-8671
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201704-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86632
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2015-8671
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-86632
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2015-8671
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-86632 // JVNDB: JVNDB-2015-007455 // NVD: CVE-2015-8671 // CNNVD: CNNVD-201704-194

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-86632 // JVNDB: JVNDB-2015-007455 // NVD: CVE-2015-8671

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-194

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-194

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2015-8671

PATCH
title:Huawei-SA-20151202-01-LogCenterurl:http://www.huawei.com/en/psirt/security-advisories/hw-464243
Trust: 0.8
title:Huawei LogCenter Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69042
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-007455 // 
            
            
            
            CNNVD: CNNVD-201704-194

EXTERNAL IDS
db:NVDid:CVE-2015-8671
Trust: 2.5
db:JVNDBid:JVNDB-2015-007455
Trust: 0.8
db:CNNVDid:CNNVD-201704-194
Trust: 0.7
db:VULHUBid:VHN-86632
Trust: 0.1
sources:
            
            
            VULHUB: VHN-86632 // 
            
            
            
            JVNDB: JVNDB-2015-007455 // 
            
            
            
            NVD: CVE-2015-8671 // 
            
            
            
            CNNVD: CNNVD-201704-194

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-464243
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8671
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8671
Trust: 0.8
sources:
            
            
            VULHUB: VHN-86632 // 
            
            
            
            JVNDB: JVNDB-2015-007455 // 
            
            
            
            NVD: CVE-2015-8671 // 
            
            
            
            CNNVD: CNNVD-201704-194

SOURCES
db:VULHUBid:VHN-86632
db:JVNDBid:JVNDB-2015-007455
db:NVDid:CVE-2015-8671
db:CNNVDid:CNNVD-201704-194

LAST UPDATE DATE
2023-12-18T13:39:02.970000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-86632date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2015-007455date:2017-05-02T00:00:00
db:NVDid:CVE-2015-8671date:2017-04-05T15:09:52.837
db:CNNVDid:CNNVD-201704-194date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-86632date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2015-007455date:2017-05-02T00:00:00
db:NVDid:CVE-2015-8671date:2017-04-02T20:59:00.843
db:CNNVDid:CNNVD-201704-194date:2017-04-06T00:00:00