Details of VAR-201802-0533

ID

VAR-201802-0533

CVE

CVE-2017-15352

TITLE

plural Huawei OceanStor Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-012415

DESCRIPTION

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal. plural Huawei OceanStor The product contains an access control vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Huawei OceanStor series is a unified storage product based on the fusion concept and optimized for flash memory. It meets the requirements of cloud system for higher performance, lower latency and more flexibility of storage systems. A number of Huawei OceanStor products have access control vulnerabilities because the device failed to properly control access to some resources. Huawei OceanStor 2800 V3 and others are storage systems for mid-to-high-end storage produced by China's Huawei (Huawei). The following products and versions are affected: Huawei OceanStor 2800 V3 V300R003C00 Version, V300R003C20 Version; OceanStor 5300 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 Version; OceanStor 5500 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 Version; OceanStor 5600 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 version; OceanStor 5800 V3 V300R003C00 version, V300R003C10 version, and V300R003C20 version

Trust: 2.25

sources: NVD: CVE-2017-15352 // JVNDB: JVNDB-2017-012415 // CNVD: CNVD-2017-35025 // VULHUB: VHN-106166

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35025

AFFECTED PRODUCTS

vendor:	huawei	model:	oceanstor 5500	scope:	eq	version:	v300r003c00	Trust: 1.6
vendor:	huawei	model:	oceanstor 5800	scope:	eq	version:	v300r003c20	Trust: 1.6
vendor:	huawei	model:	oceanstor 5800	scope:	eq	version:	v300r003c10	Trust: 1.6
vendor:	huawei	model:	oceanstor 5300	scope:	eq	version:	v300r003c20	Trust: 1.6
vendor:	huawei	model:	oceanstor 5800	scope:	eq	version:	v300r003c00	Trust: 1.6
vendor:	huawei	model:	oceanstor 5600	scope:	eq	version:	v300r003c10	Trust: 1.6
vendor:	huawei	model:	oceanstor 5600	scope:	eq	version:	v300r003c20	Trust: 1.6
vendor:	huawei	model:	oceanstor 5500	scope:	eq	version:	v300r003c10	Trust: 1.6
vendor:	huawei	model:	oceanstor 5500	scope:	eq	version:	v300r003c20	Trust: 1.6
vendor:	huawei	model:	oceanstor 5600	scope:	eq	version:	v300r003c00	Trust: 1.6
vendor:	huawei	model:	oceanstor 5300	scope:	eq	version:	v300r003c10	Trust: 1.0
vendor:	huawei	model:	oceanstor 2800	scope:	eq	version:	v300r003c20	Trust: 1.0
vendor:	huawei	model:	oceanstor 2800	scope:	eq	version:	v300r003c00	Trust: 1.0
vendor:	huawei	model:	oceanstor 5300	scope:	eq	version:	v300r003c00	Trust: 1.0
vendor:	huawei	model:	oceanstor 2800 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	oceanstor 5300 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	oceanstor 5500 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	oceanstor 5600 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	oceanstor 5800 v3	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5600	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r006c00	scope:	eq	version:	2600v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r001c00	scope:	eq	version:	2800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	2800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c20	scope:	eq	version:	2800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	5800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c20	scope:	eq	version:	5800v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	5600v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c20	scope:	eq	version:	5600v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5500v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	5500v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c20	scope:	eq	version:	5500v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c00	scope:	eq	version:	5300v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c10	scope:	eq	version:	5300v3	Trust: 0.6
vendor:	huawei	model:	oceanstor v300r003c20	scope:	eq	version:	5300v3	Trust: 0.6

sources: CNVD: CNVD-2017-35025 // JVNDB: JVNDB-2017-012415 // CNNVD: CNNVD-201711-1126 // NVD: CVE-2017-15352

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15352
value:	LOW
Trust: 1.0
NVD:	CVE-2017-15352
value:	LOW
Trust: 0.8
CNVD:	CNVD-2017-35025
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1126
value:	LOW
Trust: 0.6
VULHUB:	VHN-106166
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-15352
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	2.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35025
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106166
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:H/AU:S/C:P/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	2.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15352
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	0.5
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35025 // VULHUB: VHN-106166 // JVNDB: JVNDB-2017-012415 // CNNVD: CNNVD-201711-1126 // NVD: CVE-2017-15352

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-106166 // JVNDB: JVNDB-2017-012415 // NVD: CVE-2017-15352

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1126

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201711-1126

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012415

PATCH

title:	huawei-sa-20171122-01-oceanstor	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en	Trust: 0.8
title:	Patches for Huawei OceanStor Series Access Control Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/106696	Trust: 0.6
title:	Multiple Huawei Product access control error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76786	Trust: 0.6

sources: CNVD: CNVD-2017-35025 // JVNDB: JVNDB-2017-012415 // CNNVD: CNNVD-201711-1126

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15352	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-012415	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1126	Trust: 0.7
db:	CNVD	id:	CNVD-2017-35025	Trust: 0.6
db:	VULHUB	id:	VHN-106166	Trust: 0.1

sources: CNVD: CNVD-2017-35025 // VULHUB: VHN-106166 // JVNDB: JVNDB-2017-012415 // CNNVD: CNNVD-201711-1126 // NVD: CVE-2017-15352

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15352	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15352	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171122-01-oceanstor-cn	Trust: 0.6

sources: CNVD: CNVD-2017-35025 // VULHUB: VHN-106166 // JVNDB: JVNDB-2017-012415 // CNNVD: CNNVD-201711-1126 // NVD: CVE-2017-15352

CREDITS

Huawei internal tester

Trust: 0.6

sources: CNNVD: CNNVD-201711-1126

SOURCES

db:	CNVD	id:	CNVD-2017-35025
db:	VULHUB	id:	VHN-106166
db:	JVNDB	id:	JVNDB-2017-012415
db:	CNNVD	id:	CNNVD-201711-1126
db:	NVD	id:	CVE-2017-15352

LAST UPDATE DATE

2024-11-23T22:06:59.865000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35025	date:	2017-11-23T00:00:00
db:	VULHUB	id:	VHN-106166	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012415	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1126	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-15352	date:	2024-11-21T03:14:31.633

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35025	date:	2017-11-23T00:00:00
db:	VULHUB	id:	VHN-106166	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-012415	date:	2018-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201711-1126	date:	2017-11-30T00:00:00
db:	NVD	id:	CVE-2017-15352	date:	2018-02-15T16:29:01.347