ID

VAR-201710-0094


CVE

CVE-2015-7841


TITLE

Command injection vulnerability in multiple Huawei FusionServer products

Trust: 0.8

sources: JVNDB: JVNDB-2015-008009

DESCRIPTION

The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."

Multiple Huawei FusionServer products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Huawei FusionServer RH2288 V3 is a server product of Huawei Technologies, China. The Huawei FusionServer product has a security vulnerability that allows remote attackers to submit special requests to change parameters in the login page and inject commands.

Huawei FusionServer products are prone to multiple security-bypass vulnerabilities and a command-injection vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks or execute arbitrary commands in the context of the application; other attacks may also be possible.

A command injection vulnerability exists in the server login page of several Huawei FusionServer products. The following products and versions are affected: Huawei FusionServer RH2288 V3, RH2288H V3 and XH628 V3 V100R003C00 version; FusionServer RH1288 V3 V100R003C00SPC100 version; FusionServer RH2288A V2 and FusionServer RH1288A V2 V100R002C00 version; FusionServer RH8100 V3 V100R003C00 version; FusionServer CH222 V3, CH220 V3 and CH121 V3 V100R001C00 version.

Trust: 2.61

sources: NVD: CVE-2015-7841 // JVNDB: JVNDB-2015-008009 // CNVD: CNVD-2015-07207 // BID: 76836 // VULHUB: VHN-85802 // VULMON: CVE-2015-7841

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07207

AFFECTED PRODUCTS

vendor: huawei, model: fusionserver ch121 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver xh628 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver ch222 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288a v2, scope: eq, version: v100r002c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288h v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver rh1288a v2, scope: eq, version: v100r002c00

Trust: 1.6

vendor: huawei, model: fusionserver rh8100 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver ch220 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver rh1288 v3, scope: eq, version: v100r003c00spc100

Trust: 1.6

vendor: huawei, model: fusionserver ch121 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver ch220 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver ch222 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver rh1288 v3, scope: lt, version: v100r003c00spc602

Trust: 0.8

vendor: huawei, model: fusionserver rh1288a v2, scope: lt, version: v100r002c00spc502

Trust: 0.8

vendor: huawei, model: fusionserver rh2288 v3, scope: lt, version: v100r003c00spc603

Trust: 0.8

vendor: huawei, model: fusionserver rh2288a v2, scope: lt, version: v100r002c00spc701

Trust: 0.8

vendor: huawei, model: fusionserver rh2288h v3, scope: lt, version: v100r003c00spc503

Trust: 0.8

vendor: huawei, model: fusionserver rh8100 v3, scope: lt, version: v100r003c00spc110

Trust: 0.8

vendor: huawei, model: fusionserver xh628 v3, scope: lt, version: v100r003c00spc602

Trust: 0.8

vendor: huawei, model: fusionserver rh2288, scope: eq, version: v3

Trust: 0.6

sources: CNVD: CNVD-2015-07207 // JVNDB: JVNDB-2015-008009 // CNNVD: CNNVD-201510-688 // NVD: CVE-2015-7841

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-7841
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-7841
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2015-07207
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201510-688
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85802
value: HIGH

Trust: 0.1

VULMON: CVE-2015-7841
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-7841
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-07207
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85802
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2015-7841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-07207 // VULHUB: VHN-85802 // VULMON: CVE-2015-7841 // JVNDB: JVNDB-2015-008009 // CNNVD: CNNVD-201510-688 // NVD: CVE-2015-7841

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-85802 // JVNDB: JVNDB-2015-008009 // NVD: CVE-2015-7841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-688

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-688

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008009

PATCH

title: Huawei-SA-20150923-01-FusionServer, url: http://www.huawei.com/en/psirt/security-advisories/hw-454418

Trust: 0.8

title: Huawei FusionServer product command injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/66225

Trust: 0.6

sources: CNVD: CNVD-2015-07207 // JVNDB: JVNDB-2015-008009

EXTERNAL IDS

db: NVD, id: CVE-2015-7841

Trust: 3.5

db: BID, id: 76836

Trust: 2.7

db: JVNDB, id: JVNDB-2015-008009

Trust: 0.8

db: CNNVD, id: CNNVD-201510-688

Trust: 0.7

db: CNVD, id: CNVD-2015-07207

Trust: 0.6

db: VULHUB, id: VHN-85802

Trust: 0.1

db: VULMON, id: CVE-2015-7841

Trust: 0.1

sources: CNVD: CNVD-2015-07207 // VULHUB: VHN-85802 // VULMON: CVE-2015-7841 // BID: 76836 // JVNDB: JVNDB-2015-008009 // CNNVD: CNNVD-201510-688 // NVD: CVE-2015-7841

REFERENCES

url:http://www.securityfocus.com/bid/76836

Trust: 2.5

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7841

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7841

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-456219.htm

Trust: 0.3

url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454418.htm

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2015-07207 // VULHUB: VHN-85802 // VULMON: CVE-2015-7841 // BID: 76836 // JVNDB: JVNDB-2015-008009 // CNNVD: CNNVD-201510-688 // NVD: CVE-2015-7841

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76836

SOURCES

db: CNVD, id: CNVD-2015-07207
db: VULHUB, id: VHN-85802
db: VULMON, id: CVE-2015-7841
db: BID, id: 76836
db: JVNDB, id: JVNDB-2015-008009
db: CNNVD, id: CNNVD-201510-688
db: NVD, id: CVE-2015-7841

LAST UPDATE DATE

2025-04-20T23:25:56.784000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07207, date: 2015-11-04T00:00:00
db: VULHUB, id: VHN-85802, date: 2017-10-23T00:00:00
db: VULMON, id: CVE-2015-7841, date: 2017-10-23T00:00:00
db: BID, id: 76836, date: 2015-11-03T20:11:00
db: JVNDB, id: JVNDB-2015-008009, date: 2017-10-31T00:00:00
db: CNNVD, id: CNNVD-201510-688, date: 2017-10-17T00:00:00
db: NVD, id: CVE-2015-7841, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-07207, date: 2015-11-04T00:00:00
db: VULHUB, id: VHN-85802, date: 2017-10-03T00:00:00
db: VULMON, id: CVE-2015-7841, date: 2017-10-03T00:00:00
db: BID, id: 76836, date: 2015-09-23T00:00:00
db: JVNDB, id: JVNDB-2015-008009, date: 2017-10-31T00:00:00
db: CNNVD, id: CNNVD-201510-688, date: 2015-09-23T00:00:00
db: NVD, id: CVE-2015-7841, date: 2017-10-03T01:29:00.793