Sign-up

ID

VAR-201704-0475


CVE

CVE-2014-9696


TITLE

Huawei Tecal E9000 Chassis of Hyper Module Management Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-008280

DESCRIPTION

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. Huawei Tecal E9000 Chassis is a blade server produced by China's Huawei (Huawei). Attackers can exploit this vulnerability to modify iMana user configuration beyond authorization

Trust: 1.71

sources: NVD: CVE-2014-9696 // JVNDB: JVNDB-2014-008280 // VULHUB: VHN-77641

AFFECTED PRODUCTS

vendor:huaweimodel:tecal e9000 chassisscope:lteversion:v100r001c00spc160

Trust: 1.8

vendor:huaweimodel:tecal e9000 chassisscope:eqversion:v100r001c00spc160

Trust: 0.6

sources: JVNDB: JVNDB-2014-008280 // NVD: CVE-2014-9696 // CNNVD: CNNVD-201704-199

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-9696
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201704-199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77641
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2014-9696
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-77641
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2014-9696
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-77641 // JVNDB: JVNDB-2014-008280 // NVD: CVE-2014-9696 // CNNVD: CNNVD-201704-199

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-77641 // JVNDB: JVNDB-2014-008280 // NVD: CVE-2014-9696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-199

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-199

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2014-9696

PATCH
title:Huawei-SA-20141224-02-HMMurl:http://www.huawei.com/en/psirt/security-advisories/hw-408117
Trust: 0.8
title:Huawei Tecal E9000 Chassis Hyper Module Management Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69046
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            CNNVD: CNNVD-201704-199

EXTERNAL IDS
db:NVDid:CVE-2014-9696
Trust: 2.5
db:JVNDBid:JVNDB-2014-008280
Trust: 0.8
db:CNNVDid:CNNVD-201704-199
Trust: 0.6
db:VULHUBid:VHN-77641
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77641 // 
            
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            NVD: CVE-2014-9696 // 
            
            
            
            CNNVD: CNNVD-201704-199

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-408117
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9696
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9696
Trust: 0.8
sources:
            
            
            VULHUB: VHN-77641 // 
            
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            NVD: CVE-2014-9696 // 
            
            
            
            CNNVD: CNNVD-201704-199

SOURCES
db:VULHUBid:VHN-77641
db:JVNDBid:JVNDB-2014-008280
db:NVDid:CVE-2014-9696
db:CNNVDid:CNNVD-201704-199

LAST UPDATE DATE
2023-12-18T13:14:23.158000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77641date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008280date:2017-05-02T00:00:00
db:NVDid:CVE-2014-9696date:2017-04-05T18:45:20.133
db:CNNVDid:CNNVD-201704-199date:2017-04-07T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-77641date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008280date:2017-05-02T00:00:00
db:NVDid:CVE-2014-9696date:2017-04-02T20:59:00.687
db:CNNVDid:CNNVD-201704-199date:2017-04-07T00:00:00