Sign-up

ID

VAR-201811-0860


CVE

CVE-2018-7977


TITLE

Huawei Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012288

DESCRIPTION

There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage. Huawei The product contains an information disclosure vulnerability.Information may be obtained. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. The vulnerability is caused by the insufficient communication protection of the program

Trust: 1.71

sources: NVD: CVE-2018-7977 // JVNDB: JVNDB-2018-012288 // VULHUB: VHN-138009

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:100r006c00

Trust: 1.6

vendor:huaweimodel:fusionsphere openstackscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-012288 // CNNVD: CNNVD-201811-491 // NVD: CVE-2018-7977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7977
value: HIGH

Trust: 1.0

NVD: CVE-2018-7977
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-491
value: MEDIUM

Trust: 0.6

VULHUB: VHN-138009
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7977
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138009
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7977
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138009 // JVNDB: JVNDB-2018-012288 // CNNVD: CNNVD-201811-491 // NVD: CVE-2018-7977

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-138009 // JVNDB: JVNDB-2018-012288 // NVD: CVE-2018-7977

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-491

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-491

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012288

PATCH
title:huawei-sa-20181114-01-fusionsphereurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86892
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012288 // 
            
            
            
            CNNVD: CNNVD-201811-491

EXTERNAL IDS
db:NVDid:CVE-2018-7977
Trust: 2.5
db:JVNDBid:JVNDB-2018-012288
Trust: 0.8
db:CNNVDid:CNNVD-201811-491
Trust: 0.7
db:VULHUBid:VHN-138009
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138009 // 
            
            
            
            JVNDB: JVNDB-2018-012288 // 
            
            
            
            CNNVD: CNNVD-201811-491 // 
            
            
            
            NVD: CVE-2018-7977

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7977
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7977
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-138009 // 
            
            
            
            JVNDB: JVNDB-2018-012288 // 
            
            
            
            CNNVD: CNNVD-201811-491 // 
            
            
            
            NVD: CVE-2018-7977

SOURCES
db:VULHUBid:VHN-138009
db:JVNDBid:JVNDB-2018-012288
db:CNNVDid:CNNVD-201811-491
db:NVDid:CVE-2018-7977

LAST UPDATE DATE
2024-11-23T21:52:39.033000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138009date:2018-12-20T00:00:00
db:JVNDBid:JVNDB-2018-012288date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-491date:2018-11-15T00:00:00
db:NVDid:CVE-2018-7977date:2024-11-21T04:13:01.957

SOURCES RELEASE DATE
db:VULHUBid:VHN-138009date:2018-11-27T00:00:00
db:JVNDBid:JVNDB-2018-012288date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-491date:2018-11-15T00:00:00
db:NVDid:CVE-2018-7977date:2018-11-27T22:29:00.477