Search criteria
15 vulnerabilities found for fusionaccess by huawei
VAR-201704-0396
Vulnerability from variot - Updated: 2025-04-20 23:36Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable. Huawei FusionAccess Software contains input validation vulnerabilities.Service operation interruption (DoS) An attack may be carried out. Huawei FusionAccess is a desktop management system for Huawei's FusionCloud desktop cloud solution from Huawei. The system distributes, maintains, and recycles virtual desktops to users through a graphical Portal interface. An input verification vulnerability exists in Huawei FusionAccess V100R005C10 and V100R005C20
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r005c10"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r005c20"
},
{
"model": "fusionaccess v100r005c20",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
}
]
},
"cve": "CVE-2015-7844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7844",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04640",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-85805",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7844",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7844",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7844",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04640",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-197",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85805",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable. Huawei FusionAccess Software contains input validation vulnerabilities.Service operation interruption (DoS) An attack may be carried out. Huawei FusionAccess is a desktop management system for Huawei\u0027s FusionCloud desktop cloud solution from Huawei. The system distributes, maintains, and recycles virtual desktops to users through a graphical Portal interface. An input verification vulnerability exists in Huawei FusionAccess V100R005C10 and V100R005C20",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7844"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7844",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-04640",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85805",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"id": "VAR-201704-0396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
}
],
"trust": 0.9361111099999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
}
]
},
"last_update_date": "2025-04-20T23:36:56.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20150909-02-FusionAccess",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
},
{
"title": "Huawei FusionAccess input verification vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91953"
},
{
"title": "Huawei FusionAccess Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7844"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7844"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"db": "VULHUB",
"id": "VHN-85805"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-85805"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"date": "2017-04-02T20:59:00.750000",
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04640"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-85805"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007453"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-197"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-7844"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess Input validation vulnerability in other software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-197"
}
],
"trust": 0.6
}
}
VAR-201704-1019
Vulnerability from variot - Updated: 2025-04-20 23:29Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. Huawei FusionAccess is prone to a command-injection vulnerability. An attacker may leverage this issue to inject arbitrary commands and obtain sensitive information. Huawei FusionAccess is a desktop management system of Huawei's FusionCloud desktop cloud solution developed by China's Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface. A command injection vulnerability exists in Huawei FusionAccess
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r005c10"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r005c20"
},
{
"model": "fusionaccess v100r005c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c30spc105",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94620"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94620"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8779",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-8779",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-97599",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-8779",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8779",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8779",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97599",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97599"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. Huawei FusionAccess is prone to a command-injection vulnerability. \nAn attacker may leverage this issue to inject arbitrary commands and obtain sensitive information. Huawei FusionAccess is a desktop management system of Huawei\u0027s FusionCloud desktop cloud solution developed by China\u0027s Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface. A command injection vulnerability exists in Huawei FusionAccess",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8779"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "BID",
"id": "94620"
},
{
"db": "VULHUB",
"id": "VHN-97599"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8779",
"trust": 2.8
},
{
"db": "BID",
"id": "94620",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97599",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97599"
},
{
"db": "BID",
"id": "94620"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"id": "VAR-201704-1019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97599"
}
],
"trust": 0.33611111000000005
},
"last_update_date": "2025-04-20T23:29:43.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161130-01-ldap",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
},
{
"title": "Huawei FusionAccess Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65990"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-90",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94620"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8779"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8779"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97599"
},
{
"db": "BID",
"id": "94620"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97599"
},
{
"db": "BID",
"id": "94620"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97599"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94620"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"date": "2017-04-02T20:59:01.530000",
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97599"
},
{
"date": "2016-12-20T02:04:00",
"db": "BID",
"id": "94620"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008222"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-008"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8779"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess Vulnerabilities in which important information is obtained from databases",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008222"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-008"
}
],
"trust": 0.6
}
}
VAR-201609-0584
Vulnerability from variot - Updated: 2025-04-13 23:41CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Huawei FusionAccess Is CRLF An injection vulnerability exists. http://cwe.mitre.org/data/definitions/113.htmlBy any third party HTTP Inserted header, HTTP There is a possibility of executing a response split attack. Huawei FusionAccess is prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. An attacker can exploit this issue to inject arbitrary HTTP headers into a server response that could help to bypass security controls, perform cache poisoning and alter request or response page. This may aid in further attacks. Huawei FusionAccess is a desktop management system of Huawei's FusionCloud desktop cloud solution developed by China's Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c20"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c10"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r005c30"
},
{
"model": "fusionaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r006c00"
},
{
"model": "fusionaccess v100r005c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r006c00",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "92502"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6839",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-95659",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-6839",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6839",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-6839",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-382",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95659",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Huawei FusionAccess Is CRLF An injection vulnerability exists. http://cwe.mitre.org/data/definitions/113.htmlBy any third party HTTP Inserted header, HTTP There is a possibility of executing a response split attack. Huawei FusionAccess is prone to an HTTP header-injection vulnerability because it fails to sufficiently sanitize user input. \nAn attacker can exploit this issue to inject arbitrary HTTP headers into a server response that could help to bypass security controls, perform cache poisoning and alter request or response page. This may aid in further attacks. Huawei FusionAccess is a desktop management system of Huawei\u0027s FusionCloud desktop cloud solution developed by China\u0027s Huawei (Huawei). The system can distribute, maintain and reclaim virtual desktops for users through a graphical Portal interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6839"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "VULHUB",
"id": "VHN-95659"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6839",
"trust": 2.8
},
{
"db": "BID",
"id": "92502",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95659",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"id": "VAR-201609-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
}
],
"trust": 0.33611111000000005
},
"last_update_date": "2025-04-13T23:41:16.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160817-01-fusionaccess",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-113",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92502"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6839"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6839"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160817-01-fusionaccess-en"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95659"
},
{
"db": "BID",
"id": "92502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-95659"
},
{
"date": "2016-08-17T00:00:00",
"db": "BID",
"id": "92502"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"date": "2016-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"date": "2016-09-07T19:28:16.910000",
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-95659"
},
{
"date": "2016-08-31T19:00:00",
"db": "BID",
"id": "92502"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004562"
},
{
"date": "2016-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-382"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionAccess In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-382"
}
],
"trust": 0.6
}
}
VAR-202006-1061
Vulnerability from variot - Updated: 2024-11-23 23:07FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. FusionAccess There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Huawei FusionAccess is a virtual desktop application based on the Huawei Cloud platform of the Chinese company Huawei (Huawei). The vulnerability is caused by the program's insufficient validation of specific inputs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.1.spc002"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "6.5.1.spc002"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionaccess",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
}
]
},
"cve": "CVE-2020-1825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-1825",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006726",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-171509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-1825",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006726",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1825",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006726",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-171509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-171509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. FusionAccess There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Huawei FusionAccess is a virtual desktop application based on the Huawei Cloud platform of the Chinese company Huawei (Huawei). The vulnerability is caused by the program\u0027s insufficient validation of specific inputs",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1825"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "VULHUB",
"id": "VHN-171509"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1825",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-53117",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-171509",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-171509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"id": "VAR-202006-1061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-171509"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:07:56.281000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200610-01-fusionacces",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
},
{
"title": "Huawei FusionAccess Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122048"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-171509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1825"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1825"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-171509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-171509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-171509"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"date": "2020-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"date": "2020-06-15T15:15:09.647000",
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-171509"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006726"
},
{
"date": "2020-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1021"
},
{
"date": "2024-11-21T05:11:26.497000",
"db": "NVD",
"id": "CVE-2020-1825"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FusionAccess Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006726"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1021"
}
],
"trust": 0.6
}
}
VAR-202010-1181
Vulnerability from variot - Updated: 2024-11-23 22:47FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. FusionAccess Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei smartphones could allow a local authenticated malicious user to bypass security restrictions, caused by an improper authorization vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionaccess",
"scope": "eq",
"trust": 1.8,
"vendor": "huawei",
"version": "6.5.1"
},
{
"model": "fusionaccess",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"cve": "CVE-2020-9090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9090",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-187215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9090",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-9090",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9090",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-9090",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187215",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9090",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. FusionAccess Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei smartphones could allow a local authenticated malicious user to bypass security restrictions, caused by an improper authorization vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "VULMON",
"id": "CVE-2020-9090"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9090",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "49656",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-57584",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187215",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9090",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"id": "VAR-202010-1181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187215"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:47:50.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200930-01-fa",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
},
{
"title": "Huawei FusionAccess Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130388"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9090"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49656"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200930-01-fa-cn"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189289"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187215"
},
{
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-187215"
},
{
"date": "2020-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"date": "2020-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"date": "2020-10-12T14:15:14.073000",
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-187215"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9090"
},
{
"date": "2021-04-26T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2020-012143"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1695"
},
{
"date": "2024-11-21T05:40:00.040000",
"db": "NVD",
"id": "CVE-2020-9090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FusionAccess\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1695"
}
],
"trust": 0.6
}
}
CVE-2020-9090 (GCVE-0-2020-9090)
Vulnerability from nvd – Published: 2020-10-12 13:29 – Updated: 2024-08-04 10:19
VLAI?
Summary
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess |
Affected:
6.5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:29:05",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess",
"version": {
"version_data": [
{
"version_value": "6.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9090",
"datePublished": "2020-10-12T13:29:05",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1825 (GCVE-0-2020-1825)
Vulnerability from nvd – Published: 2020-06-15 15:01 – Updated: 2024-08-04 06:46
VLAI?
Summary
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess |
Affected:
Versions earlier than 6.5.1.SPC002
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 6.5.1.SPC002"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T12:58:17",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 6.5.1.SPC002"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1825",
"datePublished": "2020-06-15T15:01:08",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8779 (GCVE-0-2016-8779)
Vulnerability from nvd – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20 |
Affected:
FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:00.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "94620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20",
"version": {
"version_data": [
{
"version_value": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94620"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8779",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:00.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7844 (GCVE-0-2015-7844)
Vulnerability from nvd – Published: 2017-04-02 20:00 – Updated: 2024-08-06 07:59
VLAI?
Summary
Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.
Severity ?
No CVSS data available.
CWE
- Insufficient Input Verification
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess V100R005C10,V100R005C20 |
Affected:
FusionAccess V100R005C10,V100R005C20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess V100R005C10,V100R005C20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionAccess V100R005C10,V100R005C20"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2015-7844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess V100R005C10,V100R005C20",
"version": {
"version_data": [
{
"version_value": "FusionAccess V100R005C10,V100R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-453537",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2015-7844",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6839 (GCVE-0-2016-6839)
Vulnerability from nvd – Published: 2016-09-07 19:00 – Updated: 2024-08-06 01:43
VLAI?
Summary
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6839",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-18T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9090 (GCVE-0-2020-9090)
Vulnerability from cvelistv5 – Published: 2020-10-12 13:29 – Updated: 2024-08-04 10:19
VLAI?
Summary
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess |
Affected:
6.5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:29:05",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess",
"version": {
"version_data": [
{
"version_value": "6.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-fa-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9090",
"datePublished": "2020-10-12T13:29:05",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1825 (GCVE-0-2020-1825)
Vulnerability from cvelistv5 – Published: 2020-06-15 15:01 – Updated: 2024-08-04 06:46
VLAI?
Summary
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess |
Affected:
Versions earlier than 6.5.1.SPC002
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 6.5.1.SPC002"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T12:58:17",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 6.5.1.SPC002"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fusionacces-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1825",
"datePublished": "2020-06-15T15:01:08",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8779 (GCVE-0-2016-8779)
Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20 |
Affected:
FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:00.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-03T09:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "94620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20",
"version": {
"version_data": [
{
"version_value": "FusionAccess FusionAccess V100R005C10, FusionAccess V100R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94620"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2016-8779",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:00.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7844 (GCVE-0-2015-7844)
Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 07:59
VLAI?
Summary
Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable.
Severity ?
No CVSS data available.
CWE
- Insufficient Input Verification
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionAccess V100R005C10,V100R005C20 |
Affected:
FusionAccess V100R005C10,V100R005C20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionAccess V100R005C10,V100R005C20",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionAccess V100R005C10,V100R005C20"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2015-7844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionAccess V100R005C10,V100R005C20",
"version": {
"version_data": [
{
"version_value": "FusionAccess V100R005C10,V100R005C20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not usable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-453537",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-453537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2015-7844",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6839 (GCVE-0-2016-6839)
Vulnerability from cvelistv5 – Published: 2016-09-07 19:00 – Updated: 2024-08-06 01:43
VLAI?
Summary
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-fusionaccess-en"
},
{
"name": "92502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6839",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-08-18T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}