Vulnerabilites related to huawei - uma
CVE-2017-8122 (GCVE-0-2017-8122)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"name": "101961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"name": "101961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"name": "101961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8122",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T20:32:07.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8129 (GCVE-0-2017-8129)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8129",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T01:11:30.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8125 (GCVE-0-2017-8125)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XSS
Summary
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8125",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:11:20.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7109 (GCVE-0-2016-7109)
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92617"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7109",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-29T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8126 (GCVE-0-2017-8126)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 02:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8126",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:53:18.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8123 (GCVE-0-2017-8123)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8123",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:51:47.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15329 (GCVE-0-2017-15329)
Vulnerability from cvelistv5
Published
2018-02-15 16:00
Modified
2024-08-05 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001C00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001C00"
}
]
}
],
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T15:57:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-15329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15329",
"datePublished": "2018-02-15T16:00:00",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8127 (GCVE-0-2017-8127)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XSS
Summary
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8127",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T18:38:18.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8120 (GCVE-0-2017-8120)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8120",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T17:19:03.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8121 (GCVE-0-2017-8121)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- leak vulnerabilities
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "leak vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8121",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:51:56.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7107 (GCVE-0-2016-7107)
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7107",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-29T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8118 (GCVE-0-2017-8118)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- leak vulnerabilities
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "leak vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8118",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T23:10:49.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0708 (GCVE-0-2019-0708)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-0708",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:17:22.676231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:03.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-0708 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "7 for x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"status": "affected",
"version": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-03T17:06:16.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"name": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"name": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"name": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0708",
"datePublished": "2019-05-16T18:17:00.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:03.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8130 (GCVE-0-2017-8130)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- leak vulnerabilities
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "leak vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8130",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T20:31:32.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8128 (GCVE-0-2017-8128)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8128",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T01:41:17.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7108 (GCVE-0-2016-7108)
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"name": "92619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7108",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-29T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7110 (GCVE-0-2016-7110)
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92617"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7110",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-29T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8124 (GCVE-0-2017-8124)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8124",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T19:05:42.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8117 (GCVE-0-2017-8117)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 00:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8117",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:06:02.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8119 (GCVE-0-2017-8119)
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 02:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege elevation
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | UMA |
Version: V200R001 and V300R001 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UMA",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V200R001 and V300R001"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege elevation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8119",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:26:42.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de Cross-Site Scripting (XSS) debido a una validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda manipular enlaces o scripts maliciosos para lanzar ataques de XSS."
}
],
"id": "CVE-2017-8125",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.413",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 tiene una vulnerabilidad de Cross-Site Scripting (XSS) debido a una validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda manipular enlaces o scripts maliciosos para lanzar ataques de XSS."
}
],
"id": "CVE-2017-8127",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.490",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2025-04-12 10:46
Severity ?
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92617 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92617 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA27402F-C69C-4113-8A3D-E36B868E31FC",
"versionEndIncluding": "v200r001c00spc100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110."
},
{
"lang": "es",
"value": "Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de \"caracteres especiales\", una vulnerabilidad diferente a CVE-2016-7110."
}
],
"id": "CVE-2016-7109",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:24.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92617"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-15 16:29
Modified
2024-11-21 03:14
Severity ?
Summary
Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | uma_firmware | v200r001c00 | |
| huawei | uma | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "207D80F3-6DB4-4BDE-AE72-38BAF4EE2B67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1940680-0927-4E56-83E3-3525797978B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries."
},
{
"lang": "es",
"value": "Huawei UMA V200R001C00 tiene una vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo de operaci\u00f3n y mantenimiento. Un atacante inicia sesi\u00f3n en el sistema como usuario com\u00fan y env\u00eda peticiones HTTP manipuladas que contienen instrucciones SQL al sistema afectado. Debido a la falta de validaci\u00f3n de entradas de peticiones HTTP que contienen entradas proporcionadas por el usuario, la explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute consultas SQL arbitrarias."
}
],
"id": "CVE-2017-15329",
"lastModified": "2024-11-21T03:14:28.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-15T16:29:00.203",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2025-04-12 10:46
Severity ?
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92617 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92617 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA27402F-C69C-4113-8A3D-E36B868E31FC",
"versionEndIncluding": "v200r001c00spc100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7109."
},
{
"lang": "es",
"value": "Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de \"caracteres especiales\", una vulnerabilidad diferente a CVE-2016-7109."
}
],
"id": "CVE-2016-7110",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:25.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92617"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8129",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.567",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8117",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.100",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2025-04-07 18:22
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en | Third Party Advisory | |
| secure@microsoft.com | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf | Third Party Advisory | |
| secure@microsoft.com | https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| siemens | axiom_multix_m_firmware | * | |
| siemens | axiom_multix_m | - | |
| siemens | axiom_vertix_md_trauma_firmware | * | |
| siemens | axiom_vertix_md_trauma | - | |
| siemens | axiom_vertix_solitaire_m_firmware | * | |
| siemens | axiom_vertix_solitaire_m | - | |
| siemens | mobilett_xp_digital_firmware | * | |
| siemens | mobilett_xp_digital | - | |
| siemens | multix_pro_acss_p_firmware | * | |
| siemens | multix_pro_acss_p | - | |
| siemens | multix_pro_p_firmware | * | |
| siemens | multix_pro_p | - | |
| siemens | multix_pro_firmware | * | |
| siemens | multix_pro | - | |
| siemens | multix_pro_acss_firmware | * | |
| siemens | multix_pro_acss | - | |
| siemens | multix_pro_navy_firmware | * | |
| siemens | multix_pro_navy | - | |
| siemens | multix_swing_firmware | * | |
| siemens | multix_swing | - | |
| siemens | multix_top_firmware | * | |
| siemens | multix_top | - | |
| siemens | multix_top_acss_firmware | * | |
| siemens | multix_top_acss | - | |
| siemens | multix_top_p_firmware | * | |
| siemens | multix_top_p | - | |
| siemens | multix_top_acss_p_firmware | * | |
| siemens | multix_top_acss_p | - | |
| siemens | vertix_solitaire_firmware | * | |
| siemens | vertix_solitaire | - | |
| siemens | atellica_solution_firmware | * | |
| siemens | atellica_solution | - | |
| siemens | aptio_firmware | * | |
| siemens | aptio | - | |
| siemens | streamlab_firmware | * | |
| siemens | streamlab | - | |
| siemens | centralink_firmware | * | |
| siemens | centralink | - | |
| siemens | viva_e_firmware | * | |
| siemens | viva_e | - | |
| siemens | viva_twin_firmware | * | |
| siemens | viva_twin | - | |
| siemens | syngo_lab_process_manager | * | |
| siemens | rapidpoint_500_firmware | * | |
| siemens | rapidpoint_500 | - | |
| siemens | lantis_firmware | * | |
| siemens | lantis | - | |
| huawei | agile_controller-campus_firmware | v100r002c00 | |
| huawei | agile_controller-campus_firmware | v100r002c10 | |
| huawei | agile_controller-campus | - | |
| huawei | bh620_v2_firmware | v100r002c00 | |
| huawei | bh620_v2 | - | |
| huawei | bh621_v2_firmware | v100r002c00 | |
| huawei | bh621_v2 | - | |
| huawei | bh622_v2_firmware | v100r001c00 | |
| huawei | bh622_v2 | - | |
| huawei | bh640_v2_firmware | v100r002c00 | |
| huawei | bh640_v2 | - | |
| huawei | ch121_firmware | v100r001c00 | |
| huawei | ch121 | - | |
| huawei | ch140_firmware | v100r001c00 | |
| huawei | ch140 | - | |
| huawei | ch220_firmware | v100r001c00 | |
| huawei | ch220 | - | |
| huawei | ch221_firmware | v100r001c00 | |
| huawei | ch221 | - | |
| huawei | ch222_firmware | v100r002c00 | |
| huawei | ch222 | - | |
| huawei | ch240_firmware | v100r001c00 | |
| huawei | ch240 | - | |
| huawei | ch242_firmware | v100r001c00 | |
| huawei | ch242 | - | |
| huawei | ch242_v3_firmware | v100r001c00 | |
| huawei | ch242_v3 | - | |
| huawei | e6000_firmware | v100r002c00 | |
| huawei | e6000 | - | |
| huawei | e6000_chassis_firmware | v100r001c00 | |
| huawei | e6000_chassis | - | |
| huawei | gtsoftx3000_firmware | v200r001c01spc100 | |
| huawei | gtsoftx3000_firmware | v200r002c00spc300 | |
| huawei | gtsoftx3000_firmware | v200r002c10spc100 | |
| huawei | gtsoftx3000 | - | |
| huawei | oceanstor_18500_firmware | v100r001c30spc300 | |
| huawei | oceanstor_18500 | - | |
| huawei | oceanstor_18800_firmware | v100r001c30spc300 | |
| huawei | oceanstor_18800 | - | |
| huawei | oceanstor_18800f_firmware | v100r001c30spc300 | |
| huawei | oceanstor_18800f | - | |
| huawei | oceanstor_hvs85t_firmware | v100r001c00 | |
| huawei | oceanstor_hvs85t_firmware | v100r001c30spc200 | |
| huawei | oceanstor_hvs85t | - | |
| huawei | oceanstor_hvs88t_firmware | v100r001c00 | |
| huawei | oceanstor_hvs88t_firmware | v100r001c30spc200 | |
| huawei | oceanstor_hvs88t | - | |
| huawei | rh1288_v2_firmware | v100r002c00 | |
| huawei | rh1288_v2 | - | |
| huawei | rh1288a_v2_firmware | v100r002c00 | |
| huawei | rh1288a_v2 | - | |
| huawei | rh2265_v2_firmware | v100r002c00 | |
| huawei | rh2265_v2 | - | |
| huawei | rh2268_v2_firmware | v100r002c00 | |
| huawei | rh2268_v2 | - | |
| huawei | rh2285_v2_firmware | v100r002c00 | |
| huawei | rh2285_v2 | - | |
| huawei | rh2285h_v2_firmware | v100r002c00 | |
| huawei | rh2285h_v2 | - | |
| huawei | rh2288_v2_firmware | v100r002c00 | |
| huawei | rh2288_v2 | - | |
| huawei | rh2288a_v2_firmware | v100r002c00 | |
| huawei | rh2288a_v2 | - | |
| huawei | rh2288e_v2_firmware | v100r002c00 | |
| huawei | rh2288e_v2 | - | |
| huawei | rh2288h_v2_firmware | v100r002c00 | |
| huawei | rh2288h_v2 | - | |
| huawei | rh2485_v2_firmware | v100r002c00 | |
| huawei | rh2485_v2 | - | |
| huawei | rh5885_v2_firmware | v100r001c00 | |
| huawei | rh5885_v2 | - | |
| huawei | rh5885_v3_firmware | v100r003c00 | |
| huawei | rh5885_v3 | - | |
| huawei | smc2.0_firmware | v500r002c00 | |
| huawei | smc2.0_firmware | v600r006c00 | |
| huawei | smc2.0 | - | |
| huawei | seco_vsm_firmware | v200r002c00 | |
| huawei | seco_vsm | - | |
| huawei | uma_firmware | v200r001c00 | |
| huawei | uma_firmware | v300r001c00 | |
| huawei | uma | - | |
| huawei | x6000_firmware | v100r002c00 | |
| huawei | x6000 | - | |
| huawei | x8000_firmware | v100r002c20 | |
| huawei | x8000 | - | |
| huawei | elog_firmware | v200r003c10 | |
| huawei | elog | - | |
| huawei | espace_ecs_firmware | v300r001c00 | |
| huawei | espace_ecs | - |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Remote Desktop Services Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:axiom_multix_m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB36445-3462-4398-84F9-1387A7436FC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:axiom_multix_m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66829DE2-25D6-4FF5-B1AA-6637AE053ACE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "733840A0-5D17-4D92-BB45-357E39CC9190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:axiom_vertix_md_trauma:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FAFB504-D8F4-4589-9D25-616CB38BF257",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B1B857-3051-4312-A997-99570D567D74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:axiom_vertix_solitaire_m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86974C5C-C4A4-4109-B5DC-85D4F01E94D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:mobilett_xp_digital_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7392294B-487E-4B31-B6A5-560C4F547338",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:mobilett_xp_digital:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC524FD4-B53D-4E22-A9A9-33EB73811CF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_pro_acss_p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB111CF-1760-45FE-A005-68965EEB9034",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_pro_acss_p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46335917-7477-47B9-9D03-079D0AFD6121",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_pro_p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72E96638-0DE1-4370-B0FC-8E418BD74C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_pro_p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9E130C-EB9B-46F2-A67A-1CB22F67E3CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE644ED-DFE9-4F11-9C8B-E5EA6CF6BA1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C221669-D976-4C2B-8634-2FB0583F27A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_pro_acss_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA78BA8-8443-441D-B629-5F5652296566",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_pro_acss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F39B002A-3FCC-4F73-8BEA-575BD000C49F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_pro_navy_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B6D8DF-5F9B-469E-B8F1-D59021B5D1A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_pro_navy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "284692FE-2298-43F8-B59E-F86BA2453146",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_swing_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD4D073-FA45-4D28-BF69-0A706C61BA32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_swing:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69644600-D356-45A7-9E8B-91458255C252",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_top_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFC6443-6826-4C1F-95D7-621EA0C5B547",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_top:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DFEA58-1949-41EF-AF8A-A01E2BD64ABE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_top_acss_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98E0BDAE-DA78-439B-8368-E861BAB682EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_top_acss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68111C12-7DD9-4DB3-AC80-B95A5A063A09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_top_p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B92FD292-31EB-448B-BD86-8D14A758A254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_top_p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161AD776-6029-43EA-BDDA-FC8357699C33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:multix_top_acss_p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3A3B2B-D371-49D4-B7C1-A00595282EC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:multix_top_acss_p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610660AA-0AA6-434E-B824-80AE565570B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:vertix_solitaire_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1282797-1448-4B11-825F-49863AD4BDC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:vertix_solitaire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4A8BC9-0249-45EB-91D7-1B57491F4951",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:atellica_solution_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E9780A-0015-4245-9CAE-D7573D8C4268",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:atellica_solution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B264A65-9109-4629-8F20-1DD6728FAD7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:aptio_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502E501A-78A0-4074-BC7D-7BAFE4386337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:aptio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C9706-43E8-48E5-913C-FE0FDEEB489F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:streamlab_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "195AD327-F323-4902-9CDB-4C7C1B3D1F3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:streamlab:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD03E0CF-4707-4C95-8703-264429D52996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:centralink_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D56D3C8-5731-4EE2-B79B-BB74163E3D62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:centralink:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500986D3-3A08-46C4-9482-88CFA6ED61B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:viva_e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2405D2-7048-4541-9526-AA2B88D2A38B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:viva_e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "745742F2-A291-470B-8EB1-482A23873737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:viva_twin_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D64A2198-C839-43A8-BFEB-D575B372DD7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:viva_twin:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA780EE3-B6AB-4393-9997-D09CBB433C51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:syngo_lab_process_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B232D046-AD22-445F-8EE0-EED30BCA9DAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF1E341-5481-494A-BAFF-E080E39C9DA7",
"versionEndIncluding": "2.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:rapidpoint_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4806F5-0292-45BA-96B9-422958D0CB0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:lantis_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8CA8D2-1BA4-4B58-969D-DBA7F72DA755",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:lantis:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06FF378C-EAAD-4808-9246-010AC0A17E90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B574A3-5FCD-4F3E-932D-10334180F4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10:*:*:*:*:*:*:*",
"matchCriteriaId": "81635D07-BFBF-4485-B4CF-9C05620DB447",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:agile_controller-campus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592559FB-7551-4327-9ECE-9325F4173C85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAA4664-EB38-4693-88AD-F226D7A07C93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bh620_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D21222-A1F6-4312-B833-6576F75820C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "FC40CC46-D679-42F8-B2C2-FF3EDA28BCF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bh621_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11D61715-5074-41EC-A50F-5C347D85266F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "617A06EA-67C0-4714-B8D8-2602E0E34029",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bh622_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E191F04-E8BE-4D73-89D0-42C2DB288C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "93792886-51EE-4172-ACED-F195F0556A98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bh640_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB2CA0-7556-42E8-B7C7-57F1C6477CFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch121_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "668E5527-0E2F-40CD-8857-B720A6C9B802",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA223DE5-F37C-4451-96A9-9DFA479591AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch140_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D565C-DC70-4978-BF91-79DD99FA347C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB768F1-FA54-4043-B538-31783D941CC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch220_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D7D307-43F7-43AD-AA2E-F0DB66F7F9D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED03ED73-8B5C-4369-8F3A-68497718B488",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch221_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "685452C8-9B87-4FBC-9E27-0DF5F2B44807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "211005F7-2DAA-40EC-9B92-D2E866052E84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch222_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E41FE7C8-77B4-4EC7-83C3-F587BDC8A18D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21FB1E88-3CB4-48FE-9F52-AA12D40DB944",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch240_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC1DD2F-DE32-4EA6-9539-792FCBDEF20D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74027C23-3637-4ABE-A697-B20FD7B94162",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "6185FD57-FE4F-43E2-A3EA-3AA5A299A05D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8DA951-047B-4A88-A851-9663F2EC2CEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "563AC0A9-568C-4010-9142-28C88349B587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2637E43-1937-4320-AAF4-3770C332B66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:e6000_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "774E8CD3-3E77-41EB-ABC9-CE885CC90FA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F66D29E-0B7F-45D3-BECC-21952F4A4850",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3057065D-9D25-4BE2-8392-48405063E821",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:e6000_chassis:-:*:*:*:*:*:*:*",
"matchCriteriaId": "748D3A0F-12FA-4755-969B-45D7B3D55147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "14C6D34F-BFE4-420C-B496-E4D82783ED7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "8F646FC2-3A77-4971-BACC-D0CA7B9379DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "C98EEDBC-42C6-4896-83A5-8EE175F4710C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:gtsoftx3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C5827F-092C-4A94-A907-F653A55C280D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "22D7738B-B2B1-423C-A7C6-A73280F085C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AAE27E-EB13-43E2-A7F4-7973977AD936",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "5B908D26-6C4F-4955-A284-39C4C338AEBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B196FDFF-8A1D-4E7D-895A-1D09ADACC396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300:*:*:*:*:*:*:*",
"matchCriteriaId": "C46963C2-0175-4933-A2A1-4CFBA3FF4586",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E675B6C-C847-486F-8946-F98E271E1DC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "6188E188-7CA7-4415-835D-738A684B7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "981C1A1D-352D-478A-BF04-F1D9A71C86D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "675CCB4F-BB76-45DC-9E6E-3BD279995084",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B9A7C688-25E6-457B-AFBF-657EDE621FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "31EBFCDE-7FB8-4CA7-9A2E-F94DD572B48B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:oceanstor_hvs88t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3C47BF-7FAA-4A6C-BBDC-CC8D28CCA611",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA159F6-CE6C-4EC9-9166-718780F752CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F24DF092-9867-4381-BDFB-5AB7116DEFD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3450A4-4C1A-4125-8B18-3961D69D6F0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh1288a_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E91ACB-82D0-4A4E-9157-5142A26E577A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "485D4E2A-7697-40CD-92E4-0B93CB898DD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2265_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3860458-155E-47F6-A37E-730DE7A363DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "1E293DFF-1C3F-4180-895D-E7BC4A14FB93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2268_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C2FB1E-2569-4AB9-95A2-DCD4AC8C7D1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "97C57B46-9085-458A-8A5B-A6F74E00F4D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2285_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38DF8C15-4086-4F70-BCD2-BDB91900C80A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "449982CF-3F17-473D-9B58-3E1076B1CF1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2285h_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "275A2FCA-8E0A-4EFA-907B-4F6E3E954372",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "377CAD92-7563-43D9-92A3-C05B149F65E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1F1478-2D24-42D5-8401-3D6BAB20A7F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A522BFBE-69E6-4DF8-83D3-27564AF88C6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288a_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CB6AA6-2424-41B2-92A7-81E788DB8396",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "AE64C9F3-EEEF-44CB-8C3B-0969D2A76C81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288e_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A446D94-F39F-461D-B935-02C87058D0AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "56D5E59C-5824-463B-8121-57E3689DD1C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2288h_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908E0834-8E5D-43EF-A604-AAFCA6E69767",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFBF820-E15D-4E7F-AD44-D4AE5EF208FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh2485_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2E8A9D-7BC5-40D2-B85B-61D753A4D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "525FAA8B-734F-4B0D-8E32-9066CF9D939F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh5885_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C7EEF7-1AF2-41D8-98A6-0237524B76C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "779C3401-3A97-4DFE-AD0B-E8B2A48AA04A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:rh5885_v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3BAFB9-A7C7-4199-89B2-587D650762C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E7481E-B5B8-481C-AC35-A8029AA2DF7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "60E7CCC4-60A8-48FA-A9EA-7A327B3A29B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDBEFFB4-9742-48CC-BBA6-E5DCA281B343",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "2A756B3A-BD91-4857-869B-AF435E66BAD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:seco_vsm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7EBA07-D6A7-4C45-8C57-84E2549A4CFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "207D80F3-6DB4-4BDE-AE72-38BAF4EE2B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:uma_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "429F7534-D2A9-4275-9333-0786F315037E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1940680-0927-4E56-83E3-3525797978B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:x6000_firmware:v100r002c00:*:*:*:*:*:*:*",
"matchCriteriaId": "FF613F6D-DBC7-4A35-9A8D-B948FB3C84F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:x6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24BB4E74-B9A6-4C2C-AB61-A4028CDFF614",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:x8000_firmware:v100r002c20:*:*:*:*:*:*:*",
"matchCriteriaId": "48CBF1C9-1DA3-4B3C-AB00-42F41248B074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:x8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02CCB6E7-0BF2-4762-BDD6-0F68B087CBF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:elog_firmware:v200r003c10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A696C2-836C-441C-875D-9D68F2DE25B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:elog:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C34C1766-B15E-4C73-AE28-F22D9296DF20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "95140BB8-911D-4F19-8C6E-DCD6FA2298AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:espace_ecs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A924CA6B-C4BB-4340-BF27-B0EE4B72F9A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Remote Desktop Services, anteriormente conocido como Terminal Services, cuando un atacante no autenticado se conecta al sistema de destino mediante RDP y env\u00eda peticiones especialmente dise\u00f1adas, conocida como \u0027Remote Desktop Services Remote Code Execution Vulnerability\u0027."
}
],
"id": "CVE-2019-0708",
"lastModified": "2025-04-07T18:22:06.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-05-16T19:29:00.427",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@huawei.com | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en | Vendor Advisory | |
| psirt@huawei.com | http://www.securityfocus.com/bid/101961 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101961 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8122",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.317",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "psirt@huawei.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101961"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8128",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.520",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2025-04-12 10:46
Severity ?
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92619 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92619 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF766F50-B584-4515-AD48-877962F9AF8B",
"versionEndIncluding": "v200r001c00spc200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors."
},
{
"lang": "es",
"value": "Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 SPH206 permite a atacantes remotos restablecer contrase\u00f1as de usuario arbitrarias y consecuentemente afectar al sistema \u00edntegro de datos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-7107",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:22.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante podr\u00eda explotarla para obtener informaci\u00f3n sensible, provocando un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2017-8121",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.287",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8126",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.460",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante podr\u00eda explotarla para obtener informaci\u00f3n sensible, provocando un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2017-8130",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.600",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8119",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.163",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de filtrado de informaci\u00f3n. Un atacante podr\u00eda explotarla para obtener informaci\u00f3n sensible, provocando un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2017-8118",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.130",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8124",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.380",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8123",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.350",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2025-04-12 10:46
Severity ?
Summary
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92619 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92619 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF766F50-B584-4515-AD48-877962F9AF8B",
"versionEndIncluding": "v200r001c00spc200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors."
},
{
"lang": "es",
"value": "Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 SPH206 permite a usuarios remotos autenticados obtener los hashes MD5 de contrase\u00f1as de usuarios arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-7108",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:23.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92619"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:uma:v200r001:*:*:*:*:*:*:*",
"matchCriteriaId": "E79DB985-9103-4B95-A435-FA2AE3C57496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:uma:v300r001:*:*:*:*:*:*:*",
"matchCriteriaId": "5B540927-20DA-4B1F-BF8E-2B7D06D2A32C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
},
{
"lang": "es",
"value": "El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevaci\u00f3n de privilegios debido a una validaci\u00f3n insuficiente o al procesamiento incorrecto de par\u00e1metros. Un atacante podr\u00eda manipular paquetes espec\u00edficos para explotar estas vulnerabilidades y obtener privilegios elevados."
}
],
"id": "CVE-2017-8120",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T19:29:02.210",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}