CVE-2017-15327

MEDIUM

Huawei S12700 S7700 S9700 Firmware - Unauthenticated Sensitive Information Exposure via Improper Authorization

Title source: llm

Description

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en

Scores

CVSS v3 4.3

EPSS 0.0011

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (35)

huawei/s12700_firmware v200r005c00

huawei/s12700_firmware v200r006c00

huawei/s12700_firmware v200r006c01

huawei/s12700_firmware v200r007c00

huawei/s12700_firmware v200r007c01

huawei/s12700_firmware v200r007c20

huawei/s12700_firmware v200r008c00

huawei/s12700_firmware v200r008c06

huawei/s12700_firmware v200r009c00

huawei/s12700_firmware v200r010c00

... and 25 more

Published Apr 11, 2018

Tracked Since Feb 18, 2026