CVE-2015-2800Improper Authentication in Huawei S5300 Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.8%
top 13.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Huawei S5300 FirmwareHuawei S5700 FirmwareHuawei S6300 Firmware+4 more
Timeline
PublishedJun 8
Latest updateMay 17

Description

The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

NVDhuawei/s5300_firmwarev200r001c00spc300
NVDhuawei/s5700_firmwarev200r001c00spc300
NVDhuawei/s6300_firmwarev200r001c00spc300
NVDhuawei/s6700_firmwarev200r001c00spc300
NVDhuawei/s7700_firmwarev200r001c00spc300

🔴Vulnerability Details

2
GHSA
GHSA-gcvx-2h24-5q48: The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9702022-05-17
CVEList
CVE-2015-2800: The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9702017-06-08
CVE-2015-2800 — Improper Authentication in Huawei | cvebase