Sign-up

ID

VAR-201704-0426


CVE

CVE-2016-8803


TITLE

Huawei FusionStorage Document creation vulnerability in the maintenance module

Trust: 0.8

sources: JVNDB: JVNDB-2016-008228

DESCRIPTION

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. Huawei FusionStorage is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. Huawei FusionStorage is a set of distributed block storage software specially designed for the storage infrastructure of cloud computing data centers by Huawei in China. There is a privilege escalation vulnerability in Huawei FusionStorage

Trust: 1.98

sources: NVD: CVE-2016-8803 // JVNDB: JVNDB-2016-008228 // BID: 94507 // VULHUB: VHN-97623

AFFECTED PRODUCTS

vendor:huaweimodel:fusionstoragescope:eqversion:v100r003c30u1

Trust: 1.6

vendor:huaweimodel:fusionmanagerscope:eqversion:v100r003c30u1

Trust: 0.8

vendor:huaweimodel:fusionstorage v100r003c30u1scope: - version: -

Trust: 0.3

vendor:huaweimodel:fusionstorage v100r003c30u2scope:neversion: -

Trust: 0.3

sources: BID: 94507 // JVNDB: JVNDB-2016-008228 // CNNVD: CNNVD-201611-661 // NVD: CVE-2016-8803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8803
value: HIGH

Trust: 1.0

NVD: CVE-2016-8803
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201611-661
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8803
severity: MEDIUM
baseScore: 4.1
vectorString: AV:L/AC:M/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 2.7
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97623
severity: MEDIUM
baseScore: 4.1
vectorString: AV:L/AC:M/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 2.7
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8803
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97623 // JVNDB: JVNDB-2016-008228 // CNNVD: CNNVD-201611-661 // NVD: CVE-2016-8803

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-97623 // JVNDB: JVNDB-2016-008228 // NVD: CVE-2016-8803

THREAT TYPE

local

Trust: 0.9

sources: BID: 94507 // CNNVD: CNNVD-201611-661

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-661

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008228

PATCH
title:huawei-sa-20161123-01-fusionstorageurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en
Trust: 0.8
title:Huawei FusionStorage Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65935
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008228 // 
            
            
            
            CNNVD: CNNVD-201611-661

EXTERNAL IDS
db:NVDid:CVE-2016-8803
Trust: 2.8
db:BIDid:94507
Trust: 2.0
db:JVNDBid:JVNDB-2016-008228
Trust: 0.8
db:CNNVDid:CNNVD-201611-661
Trust: 0.7
db:VULHUBid:VHN-97623
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97623 // 
            
            
            
            BID: 94507 // 
            
            
            
            JVNDB: JVNDB-2016-008228 // 
            
            
            
            CNNVD: CNNVD-201611-661 // 
            
            
            
            NVD: CVE-2016-8803

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94507
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8803
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8803
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-97623 // 
            
            
            
            BID: 94507 // 
            
            
            
            JVNDB: JVNDB-2016-008228 // 
            
            
            
            CNNVD: CNNVD-201611-661 // 
            
            
            
            NVD: CVE-2016-8803

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 94507

SOURCES
db:VULHUBid:VHN-97623
db:BIDid:94507
db:JVNDBid:JVNDB-2016-008228
db:CNNVDid:CNNVD-201611-661
db:NVDid:CVE-2016-8803

LAST UPDATE DATE
2025-04-20T23:40:09.990000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97623date:2017-04-05T00:00:00
db:BIDid:94507date:2016-12-20T01:02:00
db:JVNDBid:JVNDB-2016-008228date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-661date:2016-12-02T00:00:00
db:NVDid:CVE-2016-8803date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-97623date:2017-04-02T00:00:00
db:BIDid:94507date:2016-11-23T00:00:00
db:JVNDBid:JVNDB-2016-008228date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201611-661date:2016-11-23T00:00:00
db:NVDid:CVE-2016-8803date:2017-04-02T20:59:01.970