Details of VAR-201803-0201

ID

VAR-201803-0201

CVE

CVE-2017-17323

TITLE

Huawei iBMC Vulnerabilities in authorization

Trust: 0.8

sources: JVNDB: JVNDB-2017-012830

DESCRIPTION

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. Huawei iBMC Contains an authorization vulnerability.Information may be obtained. Huawei iBMC is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Huawei iBMC is a server embedded intelligent management system developed by China Huawei (Huawei). The system has the functions of remote operation and maintenance, fault diagnosis, intelligent management and standardized interface management. There are security vulnerabilities in Huawei iBMC V200R002C10, V200R002C20, and V200R002C30

Trust: 1.98

sources: NVD: CVE-2017-17323 // JVNDB: JVNDB-2017-012830 // BID: 103416 // VULHUB: VHN-108334

AFFECTED PRODUCTS

vendor:	huawei	model:	ibmc	scope:	eq	version:	v200r002c10	Trust: 1.6
vendor:	huawei	model:	ibmc	scope:	eq	version:	v200r002c20	Trust: 1.6
vendor:	huawei	model:	ibmc	scope:	eq	version:	v200r002c30	Trust: 1.6
vendor:	huawei	model:	ibmc	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ibmc v200r002c30	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ibmc v200r002c20	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ibmc v200r002c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	ibmc v200r002c50spc100	scope:	ne	version:	-	Trust: 0.3

sources: BID: 103416 // JVNDB: JVNDB-2017-012830 // CNNVD: CNNVD-201803-292 // NVD: CVE-2017-17323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-17323
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-292
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-108334
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-17323
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-108334
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17323
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-108334 // JVNDB: JVNDB-2017-012830 // CNNVD: CNNVD-201803-292 // NVD: CVE-2017-17323

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-108334 // JVNDB: JVNDB-2017-012830 // NVD: CVE-2017-17323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-292

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012830

PATCH

title:	huawei-sa-20180131-01-ibmc	url:	http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en	Trust: 0.8
title:	Huawei iBMC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79014	Trust: 0.6

sources: JVNDB: JVNDB-2017-012830 // CNNVD: CNNVD-201803-292

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17323	Trust: 2.8
db:	JVNDB	id:	JVNDB-2017-012830	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-292	Trust: 0.7
db:	BID	id:	103416	Trust: 0.4
db:	VULHUB	id:	VHN-108334	Trust: 0.1

sources: VULHUB: VHN-108334 // BID: 103416 // JVNDB: JVNDB-2017-012830 // CNNVD: CNNVD-201803-292 // NVD: CVE-2017-17323

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17323	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17323	Trust: 0.8
url:	http://www.huawei.com/en/	Trust: 0.3

sources: VULHUB: VHN-108334 // BID: 103416 // JVNDB: JVNDB-2017-012830 // CNNVD: CNNVD-201803-292 // NVD: CVE-2017-17323

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103416

SOURCES

db:	VULHUB	id:	VHN-108334
db:	BID	id:	103416
db:	JVNDB	id:	JVNDB-2017-012830
db:	CNNVD	id:	CNNVD-201803-292
db:	NVD	id:	CVE-2017-17323

LAST UPDATE DATE

2024-11-23T22:48:46.150000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-108334	date:	2019-10-03T00:00:00
db:	BID	id:	103416	date:	2018-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-012830	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-292	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17323	date:	2024-11-21T03:17:50.227

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-108334	date:	2018-03-09T00:00:00
db:	BID	id:	103416	date:	2018-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-012830	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-292	date:	2018-03-13T00:00:00
db:	NVD	id:	CVE-2017-17323	date:	2018-03-09T17:29:01.987