CVE-2015-2800

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

he user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

References

Link	Resource
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm	Third Party Advisory Vendor Advisory
http://www.securityfocus.com/bid/73355	Third Party Advisory VDB Entry
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm	Third Party Advisory Vendor Advisory
http://www.securityfocus.com/bid/73355	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:s5700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s5700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:s5300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s5300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:s6300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s6300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:s6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s6700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:s7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s7700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:s9300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s9300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:s9700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:campus_s9700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

Type	Values Removed	Values Added
References	~~() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm - Third Party Advisory, Vendor Advisory~~	() http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm - Third Party Advisory, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/73355 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/73355 - Third Party Advisory, VDB Entry

Information

Published : 2017-06-08 16:29

Updated : 2025-04-20 01:37

NVD link : CVE-2015-2800

Mitre link : CVE-2015-2800

CVE.ORG link : CVE-2015-2800

JSON object : View

Products Affected

huawei

CWE

CWE-287

Improper Authentication

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2015-2800

7.5^/10

7.8^/10

Attach tags to `CVE-2015-2800`