ID

VAR-201710-0096


CVE

CVE-2015-7843


TITLE

Vulnerabilities related to security functions in multiple Huawei FusionServer products

Trust: 0.8

sources: JVNDB: JVNDB-2015-008010

DESCRIPTION

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.

Multiple Huawei FusionServer products contain vulnerabilities related to security functions. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Huawei FusionServer RH2288 V3 is a server product of Huawei Technologies, China. The Huawei FusionServer product failed to properly limit the number of query attempts, allowing remote attackers to obtain sensitive information through brute force attacks.

Huawei FusionServer products are prone to multiple security-bypass vulnerabilities and a command-injection vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks or execute arbitrary commands in the context of the application; other attacks may also be possible.

The vulnerability is caused by the program not correctly limiting the number of query attempts. The following products and versions are affected: Huawei FusionServer RH2288 V3, RH2288H V3 and XH628 V3 V100R003C00 version, FusionServer RH1288 V3 V100R003C00SPC100 version, FusionServer RH2288A V2 and FusionServer RH1288A V2 V100R002C00 version, FusionServer RH8100 V3 V100R003C00 version, FusionServer CH222 V3, CH220 V3 and CH121 V3 V100R001C00 version.

Trust: 2.52

sources: NVD: CVE-2015-7843 // JVNDB: JVNDB-2015-008010 // CNVD: CNVD-2015-07209 // BID: 76836 // VULHUB: VHN-85804

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07209

AFFECTED PRODUCTS

vendor: huawei, model: fusionserver ch121 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver xh628 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288a v2, scope: eq, version: v100r002c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288h v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver rh1288 v3, scope: eq, version: v100r003c00spc100

Trust: 1.6

vendor: huawei, model: fusionserver rh1288a v2, scope: eq, version: v100r002c00

Trust: 1.6

vendor: huawei, model: fusionserver rh2288 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver rh8100 v3, scope: eq, version: v100r003c00

Trust: 1.6

vendor: huawei, model: fusionserver ch220 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver ch222 v3, scope: eq, version: v100r001c00

Trust: 1.6

vendor: huawei, model: fusionserver ch121 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver ch220 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver ch222 v3, scope: lt, version: v100r001c00spc161

Trust: 0.8

vendor: huawei, model: fusionserver rh1288 v3, scope: lt, version: v100r003c00spc602

Trust: 0.8

vendor: huawei, model: fusionserver rh1288a v2, scope: lt, version: v100r002c00spc502

Trust: 0.8

vendor: huawei, model: fusionserver rh2288 v3, scope: lt, version: v100r003c00spc603

Trust: 0.8

vendor: huawei, model: fusionserver rh2288a v2, scope: lt, version: v100r002c00spc701

Trust: 0.8

vendor: huawei, model: fusionserver rh2288h v3, scope: lt, version: v100r003c00spc503

Trust: 0.8

vendor: huawei, model: fusionserver rh8100 v3, scope: lt, version: v100r003c00spc110

Trust: 0.8

vendor: huawei, model: fusionserver xh628 v3, scope: lt, version: v100r003c00spc602

Trust: 0.8

vendor: huawei, model: fusionserver rh2288, scope: eq, version: v3

Trust: 0.6

sources: CNVD: CNVD-2015-07209 // JVNDB: JVNDB-2015-008010 // CNNVD: CNNVD-201510-690 // NVD: CVE-2015-7843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7843
value: HIGH

Trust: 1.0

NVD: CVE-2015-7843
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-07209
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-690
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85804
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7843
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07209
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85804
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7843
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2015-07209 // VULHUB: VHN-85804 // JVNDB: JVNDB-2015-008010 // CNNVD: CNNVD-201510-690 // NVD: CVE-2015-7843

PROBLEMTYPE DATA

problemtype: CWE-254

Trust: 1.9

sources: VULHUB: VHN-85804 // JVNDB: JVNDB-2015-008010 // NVD: CVE-2015-7843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-690

TYPE

Unknown

Trust: 0.3

sources: BID: 76836

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008010

PATCH

title: Huawei-SA-20150923-01-FusionServer, url: http://www.huawei.com/en/psirt/security-advisories/hw-454418

Trust: 0.8

title: Huawei FusionServer product security bypass vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/66227

Trust: 0.6

sources: CNVD: CNVD-2015-07209 // JVNDB: JVNDB-2015-008010

EXTERNAL IDS

db: NVD, id: CVE-2015-7843

Trust: 3.4

db: BID, id: 76836

Trust: 2.6

db: JVNDB, id: JVNDB-2015-008010

Trust: 0.8

db: CNNVD, id: CNNVD-201510-690

Trust: 0.7

db: CNVD, id: CNVD-2015-07209

Trust: 0.6

db: VULHUB, id: VHN-85804

Trust: 0.1

sources: CNVD: CNVD-2015-07209 // VULHUB: VHN-85804 // BID: 76836 // JVNDB: JVNDB-2015-008010 // CNNVD: CNNVD-201510-690 // NVD: CVE-2015-7843

REFERENCES

url: http://www.securityfocus.com/bid/76836

Trust: 2.3

url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454418.htm

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7843

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2015-7843

Trust: 0.8

url: http://www.huawei.com

Trust: 0.3

url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-456219.htm

Trust: 0.3

url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454418.htm

Trust: 0.3

sources: CNVD: CNVD-2015-07209 // VULHUB: VHN-85804 // BID: 76836 // JVNDB: JVNDB-2015-008010 // CNNVD: CNNVD-201510-690 // NVD: CVE-2015-7843

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 76836

SOURCES

db: CNVD, id: CNVD-2015-07209
db: VULHUB, id: VHN-85804
db: BID, id: 76836
db: JVNDB, id: JVNDB-2015-008010
db: CNNVD, id: CNNVD-201510-690
db: NVD, id: CVE-2015-7843

LAST UPDATE DATE

2025-04-20T23:25:56.821000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07209, date: 2015-11-04T00:00:00
db: VULHUB, id: VHN-85804, date: 2017-10-23T00:00:00
db: BID, id: 76836, date: 2015-11-03T20:11:00
db: JVNDB, id: JVNDB-2015-008010, date: 2017-10-31T00:00:00
db: CNNVD, id: CNNVD-201510-690, date: 2015-10-29T00:00:00
db: NVD, id: CVE-2015-7843, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-07209, date: 2015-11-04T00:00:00
db: VULHUB, id: VHN-85804, date: 2017-10-03T00:00:00
db: BID, id: 76836, date: 2015-09-23T00:00:00
db: JVNDB, id: JVNDB-2015-008010, date: 2017-10-31T00:00:00
db: CNNVD, id: CNNVD-201510-690, date: 2015-09-23T00:00:00
db: NVD, id: CVE-2015-7843, date: 2017-10-03T01:29:00.840