CVE-2017-15327 - Vulnerability Details

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	S12700 S12700 Firmware S7700 S7700 Firmware S9700 S9700 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:s12700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r007c20:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r008c06:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:s7700_firmware:v200r001c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r001c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r002c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r003c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r008c06:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:huawei:s9700_firmware:v200r001c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r001c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r002c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r003c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r005c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r006c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r006c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r007c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r007c01:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r008c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r009c00:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r010c00:::::::*

cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-04-11T17:00:00

Updated: 2024-08-05T19:50:16.457Z

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15327

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-11T17:29:00.147

Modified: 2024-11-21T03:14:28.293

Link: CVE-2017-15327

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object