Sign-up

ID

VAR-201704-0475


CVE

CVE-2014-9696


TITLE

Huawei Tecal E9000 Chassis of Hyper Module Management Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-008280

DESCRIPTION

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. Huawei Tecal E9000 Chassis is a blade server produced by China's Huawei (Huawei). Attackers can exploit this vulnerability to modify iMana user configuration beyond authorization

Trust: 1.71

sources: NVD: CVE-2014-9696 // JVNDB: JVNDB-2014-008280 // VULHUB: VHN-77641

AFFECTED PRODUCTS

vendor:huaweimodel:tecal e9000 chassisscope:lteversion:v100r001c00spc160

Trust: 1.8

vendor:huaweimodel:tecal e9000 chassisscope:eqversion:v100r001c00spc160

Trust: 0.6

sources: JVNDB: JVNDB-2014-008280 // CNNVD: CNNVD-201704-199 // NVD: CVE-2014-9696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9696
value: HIGH

Trust: 1.0

NVD: CVE-2014-9696
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77641
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9696
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-77641
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9696
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-77641 // JVNDB: JVNDB-2014-008280 // CNNVD: CNNVD-201704-199 // NVD: CVE-2014-9696

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-77641 // JVNDB: JVNDB-2014-008280 // NVD: CVE-2014-9696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-199

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008280

PATCH
title:Huawei-SA-20141224-02-HMMurl:http://www.huawei.com/en/psirt/security-advisories/hw-408117
Trust: 0.8
title:Huawei Tecal E9000 Chassis Hyper Module Management Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69046
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            CNNVD: CNNVD-201704-199

EXTERNAL IDS
db:NVDid:CVE-2014-9696
Trust: 2.5
db:JVNDBid:JVNDB-2014-008280
Trust: 0.8
db:CNNVDid:CNNVD-201704-199
Trust: 0.6
db:VULHUBid:VHN-77641
Trust: 0.1
sources:
            
            
            VULHUB: VHN-77641 // 
            
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            CNNVD: CNNVD-201704-199 // 
            
            
            
            NVD: CVE-2014-9696

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/hw-408117
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9696
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-9696
Trust: 0.8
sources:
            
            
            VULHUB: VHN-77641 // 
            
            
            
            JVNDB: JVNDB-2014-008280 // 
            
            
            
            CNNVD: CNNVD-201704-199 // 
            
            
            
            NVD: CVE-2014-9696

SOURCES
db:VULHUBid:VHN-77641
db:JVNDBid:JVNDB-2014-008280
db:CNNVDid:CNNVD-201704-199
db:NVDid:CVE-2014-9696

LAST UPDATE DATE
2025-04-20T23:35:54.838000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-77641date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2014-008280date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-199date:2017-04-07T00:00:00
db:NVDid:CVE-2014-9696date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-77641date:2017-04-02T00:00:00
db:JVNDBid:JVNDB-2014-008280date:2017-05-02T00:00:00
db:CNNVDid:CNNVD-201704-199date:2017-04-07T00:00:00
db:NVDid:CVE-2014-9696date:2017-04-02T20:59:00.687