7.8

CVE-2015-2800

EPSS 2.8%
Veröffentlicht 08.06.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ S5700 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S5700 Version-

Huawei ≫ S5300 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S5300 Version-

Huawei ≫ S6300 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S6300 Version-

Huawei ≫ S6700 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S6700 Version-

Huawei ≫ S7700 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S7700 Version-

Huawei ≫ S9300 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S9300 Version-

Huawei ≫ S9700 Firmware Version <= v200r001c00spc300

Huawei ≫ Campus S9700 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.8%	0.849

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-418554.htm

Third Party Advisory

Vendor Advisory

http://www.securityfocus.com/bid/73355

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-2800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2800

EUVD