CVE-2017-15352

LOW

Huawei Oceanstor 2800 Firmware - Incorrect Permission Assignment

Title source: rule

Description

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en

Scores

CVSS v3 3.1

EPSS 0.0003

EPSS Percentile 9.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

Details

CWE

CWE-732

Status published

Products (14)

huawei/oceanstor_2800_firmware v300r003c00

huawei/oceanstor_2800_firmware v300r003c20

huawei/oceanstor_5300_firmware v300r003c00

huawei/oceanstor_5300_firmware v300r003c10

huawei/oceanstor_5300_firmware v300r003c20

huawei/oceanstor_5500_firmware v300r003c00

huawei/oceanstor_5500_firmware v300r003c10

huawei/oceanstor_5500_firmware v300r003c20

huawei/oceanstor_5600_firmware v300r003c00

huawei/oceanstor_5600_firmware v300r003c10

... and 4 more

Published Feb 15, 2018

Tracked Since Feb 18, 2026