Vulnerability-Lookup

CVE-2014-3222 (GCVE-0-2014-3222)

Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 10:35

Summary

Severity ?

No CVSS data available.

CWE

Improper User Permission Setting

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	eSpace Meeting V100R001C03SPC201 and the earlier versions	Affected: eSpace Meeting V100R001C03SPC201 and the earlier versions

FKIE_CVE-2014-3222

Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/hw-329170	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/hw-329170	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	espace_meeting	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:espace_meeting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C31A08-D48B-49C3-AF25-B726FE75C577",
              "versionEndIncluding": "v100r001c03spc201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources."
    },
    {
      "lang": "es",
      "value": "En Huawei eSpace Meeting con software V100R001C03SPC201 y las versiones anteriores, los atacantes que obtienen los permisos asignados a usuarios comunes pueden elevar los privilegios para acceder y establecer los recursos clave espec\u00edficos."
    }
  ],
  "id": "CVE-2014-3222",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-02T20:59:00.203",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-05112

Vulnerability from cnvd - Published: 2017-04-23

Title

华为eSpace Meeting权限提升漏洞

Description

华为eSpace Meeting Service是中国华为（Huawei）公司的一套协同会议解决方案。该方案将语音、视频和数据共享集成在一起，让用户可通过电话终端、桌面电脑和平板电脑等各种终端简单快捷地接入会议。华为eSpace Meeting V100R001C03SPC201及之前的版本中存在安全漏洞，由于程序未能正确的设置用户权限。攻击者可利用该漏洞提升权限，访问并设置密钥资源。

Severity

中

Patch Name

华为eSpace Meeting权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www.huawei.com/en/psirt/security-advisories/hw-329170

Reference

http://www.huawei.com/en/psirt/security-advisories/hw-329170

Impacted products

Name
Huawei eSpace Meeting <=v100r001c03spc201

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-3222"
    }
  },
  "description": "\u534e\u4e3aeSpace Meeting Service\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u534f\u540c\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u5c06\u8bed\u97f3\u3001\u89c6\u9891\u548c\u6570\u636e\u5171\u4eab\u96c6\u6210\u5728\u4e00\u8d77\uff0c\u8ba9\u7528\u6237\u53ef\u901a\u8fc7\u7535\u8bdd\u7ec8\u7aef\u3001\u684c\u9762\u7535\u8111\u548c\u5e73\u677f\u7535\u8111\u7b49\u5404\u79cd\u7ec8\u7aef\u7b80\u5355\u5feb\u6377\u5730\u63a5\u5165\u4f1a\u8bae\u3002\r\n\r\n\u534e\u4e3aeSpace Meeting V100R001C03SPC201\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8bbe\u7f6e\u7528\u6237\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u8bbf\u95ee\u5e76\u8bbe\u7f6e\u5bc6\u94a5\u8d44\u6e90\u3002",
  "discovererName": "Gjoko Krstic (gjoko@zeroscience.mk)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/hw-329170",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05112",
  "openTime": "2017-04-23",
  "patchDescription": "\u534e\u4e3aeSpace Meeting Service\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u534f\u540c\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u5c06\u8bed\u97f3\u3001\u89c6\u9891\u548c\u6570\u636e\u5171\u4eab\u96c6\u6210\u5728\u4e00\u8d77\uff0c\u8ba9\u7528\u6237\u53ef\u901a\u8fc7\u7535\u8bdd\u7ec8\u7aef\u3001\u684c\u9762\u7535\u8111\u548c\u5e73\u677f\u7535\u8111\u7b49\u5404\u79cd\u7ec8\u7aef\u7b80\u5355\u5feb\u6377\u5730\u63a5\u5165\u4f1a\u8bae\u3002\r\n\r\n\u534e\u4e3aeSpace Meeting V100R001C03SPC201\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8bbe\u7f6e\u7528\u6237\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u8bbf\u95ee\u5e76\u8bbe\u7f6e\u5bc6\u94a5\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3aeSpace Meeting\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei eSpace Meeting \u003c=v100r001c03spc201"
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/hw-329170",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-06",
  "title": "\u534e\u4e3aeSpace Meeting\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GSD-2014-3222

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-3222

Aliases

CVE-2014-3222

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3222",
    "description": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.",
    "id": "GSD-2014-3222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3222"
      ],
      "details": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.",
      "id": "GSD-2014-3222",
      "modified": "2023-12-13T01:22:53.825968Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2014-3222",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eSpace Meeting V100R001C03SPC201 and the earlier versions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "eSpace Meeting V100R001C03SPC201 and the earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper User Permission Setting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/hw-329170",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:espace_meeting:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v100r001c03spc201",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2014-3222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/hw-329170",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 9.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-04-04T20:43Z",
      "publishedDate": "2017-04-02T20:59Z"
    }
  }
}

VAR-201704-0436

Vulnerability from variot - Updated: 2025-04-20 23:05

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. Huawei eSpace Meeting Contains vulnerabilities in authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Huawei eSpace Meeting Service is a collaborative meeting solution from Huawei, a Chinese company. This solution integrates voice, video and data sharing, allowing users to access conferences simply and quickly through various terminals such as telephone terminals, desktop computers and tablet computers. A local elevation of privilege vulnerability exists in Huawei eSpace Meeting Service version 1.0.0.23. An attacker could use this vulnerability to gain elevated permissions. Huawei's eSpace Meeting solution fully meets the needs of enterprisecustomers for an integrated daily collaboration system by integrating theconference server, conference video terminal, conference user authorization,and teleconference.The application is vulnerable to an elevation of privileges vulnerabilitywhich can be used by a simple user that can change the executable file with abinary of choice. The vulnerability exist due to the improper permissions, withthe 'F' flag (full) for the 'Users' group, for the 'eMservice.exe' binary file.The service is installed by default to start on system boot with LocalSystemprivileges. Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.Tested on: Microsoft Windows 7 Professional SP1 (EN). The vulnerability is caused by the incorrect setting of user rights in the program

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0436",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "espace meeting",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "huawei",
        "version": "v100r001c03spc201"
      },
      {
        "model": "espace meeting",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "v100r001c03spc201"
      },
      {
        "model": "espace meeting v100r001c03spc201b05",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace meeting v100r001c03spc202",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "technologies espace meeting service",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "huawei",
        "version": "1.0.0.23 (v100r001c03spc201b050)"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:espace_meeting",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gjoko Krstic",
    "sources": [
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-3222",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2014-3222",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-71161",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2014-3222",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3222",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3222",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-214",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2014-5171",
            "trust": 0.1,
            "value": "(3/5)"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71161",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. Huawei eSpace Meeting Contains vulnerabilities in authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. Huawei eSpace Meeting Service is a collaborative meeting solution from Huawei, a Chinese company. This solution integrates voice, video and data sharing, allowing users to access conferences simply and quickly through various terminals such as telephone terminals, desktop computers and tablet computers. \nA local elevation of privilege vulnerability exists in Huawei eSpace Meeting Service version 1.0.0.23. An attacker could use this vulnerability to gain elevated permissions. Huawei\u0027s eSpace Meeting solution fully meets the needs of enterprisecustomers for an integrated daily collaboration system by integrating theconference server, conference video terminal, conference user authorization,and teleconference.The application is vulnerable to an elevation of privileges vulnerabilitywhich can be used by a simple user that can change the executable file with abinary of choice. The vulnerability exist due to the improper permissions, withthe \u0027F\u0027 flag (full) for the \u0027Users\u0027 group, for the \u0027eMservice.exe\u0027 binary file.The service is installed by default to start on system boot with LocalSystemprivileges. Attackers can replace the binary with their rootkit, and on rebootthey get SYSTEM privileges.Tested on: Microsoft Windows 7 Professional SP1 (EN). The vulnerability is caused by the incorrect setting of user rights in the program",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "http://support.huawei.com/enterprise/softdownload.action?idabspath=fixnode01%7c7881490%7c7881504%7c7923084%7c8177281\u0026pid=8177281\u0026vrc=8181215%7c8181217%7c9163343%7c21116624\u0026show=showvdetail\u0026tab=bz\u0026bz_vr=8181217\u0026bz_vrc=\u0026nbz_vr=null",
        "trust": 0.1,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-71161",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3222",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "66107",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569",
        "trust": 0.6
      },
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171",
        "trust": 0.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32205",
        "trust": 0.2
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2014030081",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "57225",
        "trust": 0.1
      },
      {
        "db": "OSVDB",
        "id": "104323",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125638",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85505",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "id": "VAR-201704-0436",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:05:10.260000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Huawei-SA-20140310-01",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
      },
      {
        "title": "Huawei eSpace Meeting Service Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69060"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3222"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3222"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/66107"
      },
      {
        "trust": 0.4,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-329170.htm"
      },
      {
        "trust": 0.3,
        "url": "http://enterprise.huawei.com/en/solutions/multimediasolu/uc/hw-127541.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5171.php"
      },
      {
        "trust": 0.1,
        "url": "http://cxsecurity.com/issue/wlb-2014030081"
      },
      {
        "trust": 0.1,
        "url": "http://packetstormsecurity.com/files/125638"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/57225/"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/show/osvdb/104323"
      },
      {
        "trust": 0.1,
        "url": "http://www.exploit-db.com/exploits/32205/"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-10T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "date": "2014-03-10T00:00:00",
        "db": "BID",
        "id": "66107"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "date": "2014-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "date": "2017-04-02T20:59:00.203000",
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-21T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2014-5171"
      },
      {
        "date": "2017-04-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71161"
      },
      {
        "date": "2014-03-10T00:00:00",
        "db": "BID",
        "id": "66107"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      },
      {
        "date": "2017-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "date": "2014-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2014-3222"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "66107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      }
    ],
    "trust": 1.5
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eSpace Meeting Vulnerabilities in authorization, authority and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008243"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-569"
      }
    ],
    "trust": 1.2
  }
}

GHSA-P237-6FQH-2765

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.",
  "id": "GHSA-p237-6fqh-2765",
  "modified": "2022-05-17T02:51:55Z",
  "published": "2022-05-17T02:51:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3222"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/hw-329170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3222 (GCVE-0-2014-3222)

FKIE_CVE-2014-3222

CNVD-2017-05112

GSD-2014-3222

VAR-201704-0436

GHSA-P237-6FQH-2765

Tags

Sightings

Nomenclature