CVE-2016-6825

Опубликовано: 07 сент. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms."

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Vendor Advisory
http://www.securityfocus.com/bid/92504
Third Party Advisory
VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en
Vendor Advisory
http://www.securityfocus.com/bid/92504
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:rh2288h_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:xh622_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:o:huawei:xh628_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288h_v3_server:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:xh622_v3_server:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:xh628_v3_server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00786

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-285

Связанные уязвимости

GHSA-9mvx-mp3h-cm56