CVE-2017-15352

Published: Feb 15, 2018Modified: Nov 21, 2024

3.1

Vector

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Exploitability: 0.5 / Impact: 2.5

Source: NVD

Description

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Affected (14)

Products: Huawei: Oceanstor 2800 Firmware, Oceanstor 5300 Firmware, Oceanstor 5500 Firmware, Oceanstor 5600 Firmware, Oceanstor 5800 Firmware

Huawei

5 products

Oceanstor 2800 Firmware

Oceanstor 5300 Firmware

Oceanstor 5500 Firmware

Oceanstor 5600 Firmware

Oceanstor 5800 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 2800 Firmware	Version v300r003c00
Huawei Oceanstor 2800 Firmware	Version v300r003c20

Running on/with	Platform Versions
Huawei Oceanstor 2800	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 5300 Firmware	Version v300r003c00
Huawei Oceanstor 5300 Firmware	Version v300r003c10
Huawei Oceanstor 5300 Firmware	Version v300r003c20

Running on/with	Platform Versions
Huawei Oceanstor 5300	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 5500 Firmware	Version v300r003c00
Huawei Oceanstor 5500 Firmware	Version v300r003c10
Huawei Oceanstor 5500 Firmware	Version v300r003c20

Running on/with	Platform Versions
Huawei Oceanstor 5500	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 5600 Firmware	Version v300r003c00
Huawei Oceanstor 5600 Firmware	Version v300r003c10
Huawei Oceanstor 5600 Firmware	Version v300r003c20

Running on/with	Platform Versions
Huawei Oceanstor 5600	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 5800 Firmware	Version v300r003c00
Huawei Oceanstor 5800 Firmware	Version v300r003c10
Huawei Oceanstor 5800 Firmware	Version v300r003c20

Running on/with	Platform Versions
Huawei Oceanstor 5800	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.