Sign-up

ID

VAR-201704-0474


CVE

CVE-2014-9695


TITLE

Huawei Tecal E9000 Chassis of Hyper Module Management Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-008279

DESCRIPTION

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. Huawei TecalE9000Chassis is a blade server of China Huawei. There is a security hole in the HMM software in Huawei TecalE9000ChassisV100R001C00SPC160 and previous versions. An attacker could exploit the vulnerability to operate a server as a super domain user

Trust: 2.25

sources: NVD: CVE-2014-9695 // JVNDB: JVNDB-2014-008279 // CNVD: CNVD-2017-04639 // VULHUB: VHN-77640

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04639

AFFECTED PRODUCTS

vendor:huaweimodel:tecal e9000 chassisscope:lteversion:v100r001c00spc160

Trust: 1.8

vendor:huaweimodel:tecal e9000 chassis <=v100r001c00spc160scope: - version: -

Trust: 0.6

vendor:huaweimodel:tecal e9000 chassisscope:eqversion:v100r001c00spc160

Trust: 0.6

sources: CNVD: CNVD-2017-04639 // JVNDB: JVNDB-2014-008279 // NVD: CVE-2014-9695 // CNNVD: CNNVD-201704-200

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-9695
value: HIGH

Trust: 1.8

CNVD: CNVD-2017-04639
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-200
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77640
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2014-9695
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-04639
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77640
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2014-9695
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-04639 // VULHUB: VHN-77640 // JVNDB: JVNDB-2014-008279 // NVD: CVE-2014-9695 // CNNVD: CNNVD-201704-200

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-77640 // JVNDB: JVNDB-2014-008279 // NVD: CVE-2014-9695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-200

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-200

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2014-9695

PATCH
title:Huawei-SA-20141224-01-HMMurl:http://www.huawei.com/en/psirt/security-advisories/hw-408118
Trust: 0.8
title:Huawei TecalE9000ChassisHyperModuleManagement Permission Permission Access Control Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/91952
Trust: 0.6
title:Huawei Tecal E9000 Chassis Hyper Module Management Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69047
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04639 // 
            
            
            
            JVNDB: JVNDB-2014-008279 // 
            
            
            
            CNNVD: CNNVD-201704-200

EXTERNAL IDS
db:NVDid:CVE-2014-9695
Trust: 3.1
db:JVNDBid:JVNDB-2014-008279
Trust: 0.8
db:CNNVDid:CNNVD-201704-200
Trust: 0.7
db:CNVDid:CNVD-2017-04639
Trust: 0.6
db:VULHUBid:VHN-77640
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04639 // 
            
            
            
            VULHUB: VHN-77640 // 
            
            
            
            JVNDB: JVNDB-2014-008279 // 
            
            
            
            NVD: CVE-2014-9695 // 
            
            
            
            CNNVD: CNNVD-201704-200

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-408118
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9695
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9695
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-04639 // 
            
            
            
            VULHUB: VHN-77640 // 
            
            
            
            JVNDB: JVNDB-2014-008279 // 
            
            
            
            NVD: CVE-2014-9695 // 
            
            
            
            CNNVD: CNNVD-201704-200

SOURCES
db:CNVDid:CNVD-2017-04639
db:VULHUBid:VHN-77640
db:JVNDBid:JVNDB-2014-008279
db:NVDid:CVE-2014-9695
db:CNNVDid:CNNVD-201704-200

LAST UPDATE DATE
2023-12-18T13:24:29.558000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04639date:2017-04-19T00:00:00
db:VULHUBid:VHN-77640date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008279date:2017-05-02T00:00:00
db:NVDid:CVE-2014-9695date:2017-04-05T18:45:00.303
db:CNNVDid:CNNVD-201704-200date:2017-04-06T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04639date:2017-04-19T00:00:00
db:VULHUBid:VHN-77640date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008279date:2017-05-02T00:00:00
db:NVDid:CVE-2014-9695date:2017-04-02T20:59:00.657
db:CNNVDid:CNNVD-201704-200date:2017-04-06T00:00:00