Sign-up

ID

VAR-201708-0155


CVE

CVE-2015-8332


TITLE

Huawei Video Content Management Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007847

DESCRIPTION

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability.". Huawei Video Content Management (VCM) Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Video Content Management is a video content management system of China's Huawei company. Huawei Video Content Management has a security vulnerability that allows an attacker to exploit the vulnerability to escalate permissions and perform unauthorized actions. An extraction vulnerability exists in Huawei VCM V100R001C10B010. The vulnerability is caused by the program's improper handling of identity and authority verification for logged-in users. A remote attacker can exploit this vulnerability by sending maliciously constructed messages to the server to conduct illegal operations on cases created by other users, affecting the operation and use of other users

Trust: 2.52

sources: NVD: CVE-2015-8332 // JVNDB: JVNDB-2015-007847 // CNVD: CNVD-2015-08198 // BID: 77895 // VULHUB: VHN-86293

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08198

AFFECTED PRODUCTS

vendor:huaweimodel:vcm5010scope:lteversion:v100r001c10b010

Trust: 1.0

vendor:huaweimodel:vcm5020scope:lteversion:v100r001c10b010

Trust: 1.0

vendor:huaweimodel:vcm5010scope:ltversion:v100r001c10spc001

Trust: 0.8

vendor:huaweimodel:vcm5020scope:ltversion:v100r001c10spc001

Trust: 0.8

vendor:huaweimodel:video content managementscope: - version: -

Trust: 0.6

vendor:huaweimodel:vcm5020scope:eqversion:v100r001c10b010

Trust: 0.6

vendor:huaweimodel:vcm5010scope:eqversion:v100r001c10b010

Trust: 0.6

vendor:huaweimodel:video content management v100r001c10b010scope: - version: -

Trust: 0.3

vendor:huaweimodel:video content management v100r001c10spc001scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2015-08198 // BID: 77895 // JVNDB: JVNDB-2015-007847 // CNNVD: CNNVD-201512-207 // NVD: CVE-2015-8332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8332
value: HIGH

Trust: 1.0

NVD: CVE-2015-8332
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-08198
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201512-207
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86293
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8332
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08198
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86293
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8332
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-08198 // VULHUB: VHN-86293 // JVNDB: JVNDB-2015-007847 // CNNVD: CNNVD-201512-207 // NVD: CVE-2015-8332

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-86293 // JVNDB: JVNDB-2015-007847 // NVD: CVE-2015-8332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-207

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201512-207

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007847

PATCH
title:Huawei-SA-20151125-01-VCMurl:http://www.huawei.com/en/psirt/security-advisories/hw-462985
Trust: 0.8
title:Patch for Huawei Video Content Management Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/68323
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08198 // 
            
            
            
            JVNDB: JVNDB-2015-007847

EXTERNAL IDS
db:NVDid:CVE-2015-8332
Trust: 3.4
db:BIDid:77895
Trust: 1.6
db:JVNDBid:JVNDB-2015-007847
Trust: 0.8
db:CNNVDid:CNNVD-201512-207
Trust: 0.7
db:CNVDid:CNVD-2015-08198
Trust: 0.6
db:VULHUBid:VHN-86293
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08198 // 
            
            
            
            VULHUB: VHN-86293 // 
            
            
            
            BID: 77895 // 
            
            
            
            JVNDB: JVNDB-2015-007847 // 
            
            
            
            CNNVD: CNNVD-201512-207 // 
            
            
            
            NVD: CVE-2015-8332

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462985.htm
Trust: 1.7
url:http://www.securityfocus.com/bid/77895
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8332
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8332
Trust: 0.8
url:http://www.huawei.com/
Trust: 0.3
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462985.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-08198 // 
            
            
            
            VULHUB: VHN-86293 // 
            
            
            
            BID: 77895 // 
            
            
            
            JVNDB: JVNDB-2015-007847 // 
            
            
            
            CNNVD: CNNVD-201512-207 // 
            
            
            
            NVD: CVE-2015-8332

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 77895

SOURCES
db:CNVDid:CNVD-2015-08198
db:VULHUBid:VHN-86293
db:BIDid:77895
db:JVNDBid:JVNDB-2015-007847
db:CNNVDid:CNNVD-201512-207
db:NVDid:CVE-2015-8332

LAST UPDATE DATE
2025-04-20T23:24:55.577000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08198date:2015-12-15T00:00:00
db:VULHUBid:VHN-86293date:2017-09-08T00:00:00
db:BIDid:77895date:2015-11-25T00:00:00
db:JVNDBid:JVNDB-2015-007847date:2017-09-28T00:00:00
db:CNNVDid:CNNVD-201512-207date:2017-08-29T00:00:00
db:NVDid:CVE-2015-8332date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08198date:2015-12-15T00:00:00
db:VULHUBid:VHN-86293date:2017-08-28T00:00:00
db:BIDid:77895date:2015-11-25T00:00:00
db:JVNDBid:JVNDB-2015-007847date:2017-09-28T00:00:00
db:CNNVDid:CNNVD-201512-207date:2015-11-25T00:00:00
db:NVDid:CVE-2015-8332date:2017-08-28T21:29:00.247