Sign-up

ID

VAR-201704-0471


CVE

CVE-2014-9692


TITLE

plural Huawei Tecal Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-008282

DESCRIPTION

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117 and earlier versions, Tecal RH2288H V2 V100R002C00SPC115 and earlier versions, Tecal RH2485 V2 V100R002C00SPC502 and earlier versions, Tecal RH5885 V2 V100R001C02SPC109 and earlier versions, Tecal RH5885 V3 V100R003C01SPC102 and earlier versions, Tecal RH5885H V3 V100R003C00SPC102 and earlier versions, Tecal XH310 V2 V100R001C00SPC110 and earlier versions, Tecal XH311 V2 V100R001C00SPC110 and earlier versions, Tecal XH320 V2 V100R001C00SPC110 and earlier versions, Tecal XH621 V2 V100R001C00SPC106 and earlier versions, Tecal DH310 V2 V100R001C00SPC110 and earlier versions, Tecal DH320 V2 V100R001C00SPC106 and earlier versions, Tecal DH620 V2 V100R001C00SPC106 and earlier versions, Tecal DH621 V2 V100R001C00SPC107 and earlier versions, Tecal DH628 V2 V100R001C00SPC107 and earlier versions, Tecal BH620 V2 V100R002C00SPC107 and earlier versions, Tecal BH621 V2 V100R002C00SPC106 and earlier versions, Tecal BH622 V2 V100R002C00SPC110 and earlier versions, Tecal BH640 V2 V100R002C00SPC108 and earlier versions, Tecal CH121 V100R001C00SPC180 and earlier versions, Tecal CH140 V100R001C00SPC110 and earlier versions, Tecal CH220 V100R001C00SPC180 and earlier versions, Tecal CH221 V100R001C00SPC180 and earlier versions, Tecal CH222 V100R002C00SPC180 and earlier versions, Tecal CH240 V100R001C00SPC180 and earlier versions, Tecal CH242 V100R001C00SPC180 and earlier versions, Tecal CH242 V3 V100R001C00SPC110 and earlier versions could allow attackers to figure out the RMCP+ session IDs of users and access the system with forged identities. plural Huawei Tecal The product contains an information disclosure vulnerability.Information may be obtained. Huawei TecalRH1288V2 is a server of Huawei (Huawei) of China. There are security vulnerabilities in various Huawei servers. An attacker could exploit the vulnerability to gain access to the system by guessing the SessionID used by other users. Huawei Tecal RH1288 V2 and others are all servers of the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2014-9692 // JVNDB: JVNDB-2014-008282 // CNVD: CNVD-2017-04636 // VULHUB: VHN-77637

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04636

AFFECTED PRODUCTS

vendor:huaweimodel:tecal rh2265 v2scope:eqversion:v100r002c00

Trust: 2.4

vendor:huaweimodel:tecal rh2268 v2scope:eqversion:v100r002c00

Trust: 2.4

vendor:huaweimodel:tecal bh620 v2scope:lteversion:v100r002c00spc107

Trust: 1.8

vendor:huaweimodel:tecal bh621 v2scope:lteversion:v100r002c00spc106

Trust: 1.8

vendor:huaweimodel:tecal bh622 v2scope:lteversion:v100r002c00spc110

Trust: 1.8

vendor:huaweimodel:tecal bh640 v2scope:lteversion:v100r002c00spc108

Trust: 1.8

vendor:huaweimodel:tecal ch121scope:lteversion:v100r001c00spc180

Trust: 1.8

vendor:huaweimodel:tecal ch140scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal ch220scope:lteversion:v100r001c00spc180

Trust: 1.8

vendor:huaweimodel:tecal ch221scope:lteversion:v100r001c00spc180

Trust: 1.8

vendor:huaweimodel:tecal ch222scope:lteversion:v100r002c00spc180

Trust: 1.8

vendor:huaweimodel:tecal ch240scope:lteversion:v100r001c00spc180

Trust: 1.8

vendor:huaweimodel:tecal ch242 v3scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal ch242scope:lteversion:v100r001c00spc180

Trust: 1.8

vendor:huaweimodel:tecal dh310 v2scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal dh320 v2scope:lteversion:v100r001c00spc106

Trust: 1.8

vendor:huaweimodel:tecal dh620 v2scope:lteversion:v100r001c00spc106

Trust: 1.8

vendor:huaweimodel:tecal dh621 v2scope:lteversion:v100r001c00spc107

Trust: 1.8

vendor:huaweimodel:tecal dh628 v2scope:lteversion:v100r001c00spc107

Trust: 1.8

vendor:huaweimodel:tecal rh1288 v2scope:lteversion:v100r002c00spc107

Trust: 1.8

vendor:huaweimodel:tecal rh2285 v2scope:lteversion:v100r002c00spc115

Trust: 1.8

vendor:huaweimodel:tecal rh2285h v2scope:lteversion:v100r002c00spc111

Trust: 1.8

vendor:huaweimodel:tecal rh2288 v2scope:lteversion:v100r002c00spc117

Trust: 1.8

vendor:huaweimodel:tecal rh2288h v2scope:lteversion:v100r002c00spc115

Trust: 1.8

vendor:huaweimodel:tecal rh2485 v2scope:lteversion:v100r002c00spc502

Trust: 1.8

vendor:huaweimodel:tecal rh5885 v2scope:lteversion:v100r001c02spc109

Trust: 1.8

vendor:huaweimodel:tecal rh5885 v3scope:lteversion:v100r003c01spc102

Trust: 1.8

vendor:huaweimodel:tecal rh5885h v3scope:lteversion:v100r003c00spc102

Trust: 1.8

vendor:huaweimodel:tecal xh310 v2scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal xh311 v2scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal xh320 v2scope:lteversion:v100r001c00spc110

Trust: 1.8

vendor:huaweimodel:tecal xh621 v2scope:lteversion:v100r001c00spc106

Trust: 1.8

vendor:huaweimodel:tecalscope: - version: -

Trust: 0.6

vendor:huaweimodel:tecal rh2285h v2scope:eqversion:v100r002c00spc111

Trust: 0.6

vendor:huaweimodel:tecal rh2285 v2scope:eqversion:v100r002c00spc115

Trust: 0.6

vendor:huaweimodel:tecal rh5885 v3scope:eqversion:v100r003c01spc102

Trust: 0.6

vendor:huaweimodel:tecal xh310 v2scope:eqversion:v100r001c00spc110

Trust: 0.6

vendor:huaweimodel:tecal rh1288 v2scope:eqversion:v100r002c00spc107

Trust: 0.6

vendor:huaweimodel:tecal rh2288 v2scope:eqversion:v100r002c00spc117

Trust: 0.6

vendor:huaweimodel:tecal rh5885h v3scope:eqversion:v100r003c00spc102

Trust: 0.6

sources: CNVD: CNVD-2017-04636 // JVNDB: JVNDB-2014-008282 // CNNVD: CNNVD-201704-203 // NVD: CVE-2014-9692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9692
value: HIGH

Trust: 1.0

NVD: CVE-2014-9692
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04636
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-203
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77637
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9692
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04636
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77637
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9692
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04636 // VULHUB: VHN-77637 // JVNDB: JVNDB-2014-008282 // CNNVD: CNNVD-201704-203 // NVD: CVE-2014-9692

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-77637 // JVNDB: JVNDB-2014-008282 // NVD: CVE-2014-9692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-203

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-203

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008282

PATCH
title:Huawei-SA-20141224-01-Tecalurl:http://www.huawei.com/en/psirt/security-advisories/hw-408100
Trust: 0.8
title:Patches for various Huawei server design vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/91948
Trust: 0.6
title:Various Huawei server security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69050
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04636 // 
            
            
            
            JVNDB: JVNDB-2014-008282 // 
            
            
            
            CNNVD: CNNVD-201704-203

EXTERNAL IDS
db:NVDid:CVE-2014-9692
Trust: 3.1
db:JVNDBid:JVNDB-2014-008282
Trust: 0.8
db:CNNVDid:CNNVD-201704-203
Trust: 0.7
db:CNVDid:CNVD-2017-04636
Trust: 0.6
db:VULHUBid:VHN-77637
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04636 // 
            
            
            
            VULHUB: VHN-77637 // 
            
            
            
            JVNDB: JVNDB-2014-008282 // 
            
            
            
            CNNVD: CNNVD-201704-203 // 
            
            
            
            NVD: CVE-2014-9692

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-408100
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9692
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9692
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-04636 // 
            
            
            
            VULHUB: VHN-77637 // 
            
            
            
            JVNDB: JVNDB-2014-008282 // 
            
            
            
            CNNVD: CNNVD-201704-203 // 
            
            
            
            NVD: CVE-2014-9692

SOURCES
db:CNVDid:CNVD-2017-04636
db:VULHUBid:VHN-77637
db:JVNDBid:JVNDB-2014-008282
db:CNNVDid:CNNVD-201704-203
db:NVDid:CVE-2014-9692

LAST UPDATE DATE
2025-04-20T23:23:47.430000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04636date:2017-04-19T00:00:00
db:VULHUBid:VHN-77637date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008282date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-203date:2017-04-06T00:00:00
db:NVDid:CVE-2014-9692date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04636date:2017-04-19T00:00:00
db:VULHUBid:VHN-77637date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008282date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-203date:2017-04-06T00:00:00
db:NVDid:CVE-2014-9692date:2017-04-02T20:59:00.563