Details of VAR-201704-0396

ID

VAR-201704-0396

CVE

CVE-2015-7844

TITLE

Huawei FusionAccess Input validation vulnerability in other software

Trust: 0.8

sources: JVNDB: JVNDB-2015-007453

DESCRIPTION

Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable. Huawei FusionAccess Software contains input validation vulnerabilities.Service operation interruption (DoS) An attack may be carried out. Huawei FusionAccess is a desktop management system for Huawei's FusionCloud desktop cloud solution from Huawei. The system distributes, maintains, and recycles virtual desktops to users through a graphical Portal interface. An input verification vulnerability exists in Huawei FusionAccess V100R005C10 and V100R005C20

Trust: 2.25

sources: NVD: CVE-2015-7844 // JVNDB: JVNDB-2015-007453 // CNVD: CNVD-2017-04640 // VULHUB: VHN-85805

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04640

AFFECTED PRODUCTS

vendor:	huawei	model:	fusionaccess	scope:	eq	version:	v100r005c10	Trust: 2.4
vendor:	huawei	model:	fusionaccess	scope:	eq	version:	v100r005c20	Trust: 2.4
vendor:	huawei	model:	fusionaccess v100r005c20	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	fusionaccess v100r005c10	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-04640 // JVNDB: JVNDB-2015-007453 // CNNVD: CNNVD-201704-197 // NVD: CVE-2015-7844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7844
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7844
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-04640
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-197
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85805
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7844
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04640
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85805
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7844
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04640 // VULHUB: VHN-85805 // JVNDB: JVNDB-2015-007453 // CNNVD: CNNVD-201704-197 // NVD: CVE-2015-7844

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-85805 // JVNDB: JVNDB-2015-007453 // NVD: CVE-2015-7844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-197

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-197

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007453

PATCH

title:	Huawei-SA-20150909-02-FusionAccess	url:	http://www.huawei.com/en/psirt/security-advisories/hw-453537	Trust: 0.8
title:	Huawei FusionAccess input verification vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/91953	Trust: 0.6
title:	Huawei FusionAccess Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69044	Trust: 0.6

sources: CNVD: CNVD-2017-04640 // JVNDB: JVNDB-2015-007453 // CNNVD: CNNVD-201704-197

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7844	Trust: 3.1
db:	JVNDB	id:	JVNDB-2015-007453	Trust: 0.8
db:	CNVD	id:	CNVD-2017-04640	Trust: 0.6
db:	CNNVD	id:	CNNVD-201704-197	Trust: 0.6
db:	VULHUB	id:	VHN-85805	Trust: 0.1

sources: CNVD: CNVD-2017-04640 // VULHUB: VHN-85805 // JVNDB: JVNDB-2015-007453 // CNNVD: CNNVD-201704-197 // NVD: CVE-2015-7844

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/hw-453537	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7844	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7844	Trust: 0.8

sources: CNVD: CNVD-2017-04640 // VULHUB: VHN-85805 // JVNDB: JVNDB-2015-007453 // CNNVD: CNNVD-201704-197 // NVD: CVE-2015-7844

SOURCES

db:	CNVD	id:	CNVD-2017-04640
db:	VULHUB	id:	VHN-85805
db:	JVNDB	id:	JVNDB-2015-007453
db:	CNNVD	id:	CNNVD-201704-197
db:	NVD	id:	CVE-2015-7844

LAST UPDATE DATE

2025-04-20T23:36:56.224000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04640	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-85805	date:	2017-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-007453	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-197	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2015-7844	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04640	date:	2017-04-19T00:00:00
db:	VULHUB	id:	VHN-85805	date:	2017-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-007453	date:	2017-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-197	date:	2017-04-06T00:00:00
db:	NVD	id:	CVE-2015-7844	date:	2017-04-02T20:59:00.750