Vulnerabilites related to huawei - fusionmanager
CVE-2014-9137 (GCVE-0-2014-9137)
Vulnerability from cvelistv5
Published
2017-04-02 20:00
Modified
2024-08-06 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CSRF
Summary
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/hw-372186 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900, |
Version: USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,",
"version": {
"version_data": [
{
"version_value": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9137",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9136 (GCVE-0-2014-9136)
Vulnerability from cvelistv5
Published
2017-04-02 20:00
Modified
2024-08-06 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CSRF
Summary
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/hw-372186 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions, |
Version: FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions, |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-02T19:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"version": {
"version_data": [
{
"version_value": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2014-9136",
"datePublished": "2017-04-02T20:00:00",
"dateReserved": "2014-11-28T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201704-0448
Vulnerability from variot
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager is a management software for hardware devices, virtualized resources, and applications developed by Huawei in China. Cross-site request forgery vulnerabilities exist in Huawei FusionManager V100R002C03 and V100R003C00. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionmanager",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "fusionmanager",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "fusionmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "fusionmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "usg2100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg9500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
}
]
},
"cve": "CVE-2014-9136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9136",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77081",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-9136",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9136",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-207",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77081",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-9136",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager is a management software for hardware devices, virtualized resources, and applications developed by Huawei in China. Cross-site request forgery vulnerabilities exist in Huawei FusionManager V100R002C03 and V100R003C00. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9136",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-77081",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"id": "VAR-201704-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
}
],
"trust": 0.42149026
},
"last_update_date": "2024-11-23T22:17:58.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20140924-02-CSRF",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"title": "Huawei FusionManager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73794"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9136"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9136"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-77081"
},
{
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-77081"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"date": "2017-04-02T20:59:00.453000",
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-77081"
},
{
"date": "2017-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9136"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008278"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-207"
},
{
"date": "2024-11-21T02:20:16.207000",
"db": "NVD",
"id": "CVE-2014-9136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionManager In software Web For interface users CSRF Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-207"
}
],
"trust": 0.6
}
}
var-201704-0426
Vulnerability from variot
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. Huawei FusionStorage is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. Huawei FusionStorage is a set of distributed block storage software specially designed for the storage infrastructure of cloud computing data centers by Huawei in China. There is a privilege escalation vulnerability in Huawei FusionStorage
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionstorage",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v100r003c30u1"
},
{
"model": "fusionmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r003c30u1"
},
{
"model": "fusionstorage v100r003c30u1",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionstorage v100r003c30u2",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94507"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionmanager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94507"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 2.7,
"id": "CVE-2016-8803",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 2.7,
"id": "VHN-97623",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-8803",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8803",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8803",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97623",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97623"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. Huawei FusionStorage is prone to a local privilege-escalation vulnerability. \nLocal attackers may exploit this issue to gain elevated privileges. Huawei FusionStorage is a set of distributed block storage software specially designed for the storage infrastructure of cloud computing data centers by Huawei in China. There is a privilege escalation vulnerability in Huawei FusionStorage",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8803"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "BID",
"id": "94507"
},
{
"db": "VULHUB",
"id": "VHN-97623"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8803",
"trust": 2.8
},
{
"db": "BID",
"id": "94507",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97623",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97623"
},
{
"db": "BID",
"id": "94507"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"id": "VAR-201704-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97623"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:13:03.978000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161123-01-fusionstorage",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en"
},
{
"title": "Huawei FusionStorage Repair measures for privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65935"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97623"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94507"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8803"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8803"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97623"
},
{
"db": "BID",
"id": "94507"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97623"
},
{
"db": "BID",
"id": "94507"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97623"
},
{
"date": "2016-11-23T00:00:00",
"db": "BID",
"id": "94507"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"date": "2016-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"date": "2017-04-02T20:59:01.970000",
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-97623"
},
{
"date": "2016-12-20T01:02:00",
"db": "BID",
"id": "94507"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008228"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-661"
},
{
"date": "2024-11-21T03:00:07.327000",
"db": "NVD",
"id": "CVE-2016-8803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94507"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei FusionStorage Document creation vulnerability in the maintenance module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-661"
}
],
"trust": 0.6
}
}
var-201704-0449
Vulnerability from variot
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 is a firewall product of China Huawei. A cross-site request forgery vulnerability exists in several Huawei firewall USG series products. A remote attacker could exploit this vulnerability to perform unauthorized operations. Huawei USG9500 etc. The following products and versions are affected: Huawei USG9500 V200R001C01SPC800 and previous versions, V300R001C00 Version; USG2100 V300R001C00SPC900 and previous versions; USG2200 V300R001C00SPC900 and previous versions; USG5100 V300R001C00SPC900 and previous versions; USG5500 V300R001C00SPC900 and previous versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fusionmanager",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r002c03"
},
{
"model": "fusionmanager",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v100r003c00"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 2.4,
"vendor": "huawei",
"version": "v300r001c00"
},
{
"model": "usg2100",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5500",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "lte",
"trust": 1.8,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "eq",
"trust": 1.4,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg2200",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg5100",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "fusionmanager v100r002c03",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "fusionmanager v100r003c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500 v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500 \u003c=v200r001c01spc800",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg9500 \u003c=v300r001c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg2100 \u003c=v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg2200 \u003c=v300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5100 \u003c=300r001c00spc900",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "usg5500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
},
{
"model": "usg9500",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c01spc800"
},
{
"model": "usg2100",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v300r001c00spc900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:fusionmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg5500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:usg9500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
}
]
},
"cve": "CVE-2014-9137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9137",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-04633",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77082",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-9137",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9137",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9137",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04633",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77082",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 is a firewall product of China Huawei. A cross-site request forgery vulnerability exists in several Huawei firewall USG series products. A remote attacker could exploit this vulnerability to perform unauthorized operations. Huawei USG9500 etc. The following products and versions are affected: Huawei USG9500 V200R001C01SPC800 and previous versions, V300R001C00 Version; USG2100 V300R001C00SPC900 and previous versions; USG2200 V300R001C00SPC900 and previous versions; USG5100 V300R001C00SPC900 and previous versions; USG5500 V300R001C00SPC900 and previous versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9137"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9137",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04633",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-77082",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"id": "VAR-201704-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
}
],
"trust": 1.530372565
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
}
]
},
"last_update_date": "2024-11-23T22:52:31.631000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20140924-02-CSRF",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"title": "A variety of Huawei firewall USG series products cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91945"
},
{
"title": "A variety of Huawei firewalls USG Repair measures for cross-site request forgery vulnerability in series products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69053"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9137"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9137"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"db": "VULHUB",
"id": "VHN-77082"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-77082"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"date": "2017-04-02T20:59:00.470000",
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04633"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-77082"
},
{
"date": "2017-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008286"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-206"
},
{
"date": "2024-11-21T02:20:16.327000",
"db": "NVD",
"id": "CVE-2014-9137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei USG In product Web To the user of the interface CSRF Attacked vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-206"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2017-04-02 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | fusionmanager | * | |
| huawei | fusionmanager | * | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500 | - | |
| huawei | usg2100_firmware | * | |
| huawei | usg2100 | - | |
| huawei | usg2200_firmware | * | |
| huawei | usg2200 | - | |
| huawei | usg5100_firmware | * | |
| huawei | usg5100 | - | |
| huawei | usg5500_firmware | * | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F27EF98-F5DA-426D-9CDF-8E425A0B212A",
"versionEndIncluding": "v100r002c03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1468F171-852F-4CC1-BA64-340B35501A9B",
"versionEndIncluding": "v100r003c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15",
"versionEndIncluding": "v200r001c01spc800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F49A05F-6945-4C7D-BA45-3635840485BF",
"versionEndIncluding": "v300r001c00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
},
{
"lang": "es",
"value": "Huawei FusionManager con software V100R002C03 y V100R003C00 podr\u00edan permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web."
}
],
"id": "CVE-2014-9136",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.453",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-02 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | fusionmanager | v100r002c03 | |
| huawei | fusionmanager | v100r003c00 | |
| huawei | usg9500_firmware | * | |
| huawei | usg9500_firmware | v300r001c00 | |
| huawei | usg9500 | - | |
| huawei | usg2100_firmware | * | |
| huawei | usg2100 | - | |
| huawei | usg2200_firmware | * | |
| huawei | usg2200 | - | |
| huawei | usg5100_firmware | * | |
| huawei | usg5100 | - | |
| huawei | usg5500_firmware | * | |
| huawei | usg5500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*",
"matchCriteriaId": "433EA4EE-77D4-40B7-8DD2-BC8500A498E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*",
"matchCriteriaId": "53A333D1-1346-4CF3-A17A-25A8A5A92713",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15",
"versionEndIncluding": "v200r001c01spc800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "52132C6A-9B3C-47A1-8889-7B55C3C2A639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12",
"versionEndIncluding": "v300r001c00spc900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
},
{
"lang": "es",
"value": "Huawei USG9500 con software V200R001C01SPC800 y versiones anteriores, V300R001C00; USG2100 con software V300R001C00SPC900 y versiones anteriores; USG2200 con software V300R001C00SPC900; USG5100 con software V300R001C00SPC900 podr\u00edan permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web."
}
],
"id": "CVE-2014-9137",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T20:59:00.470",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}