var-201511-0199
Vulnerability from variot
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. Huawei VP9660 is a multipoint controller for Huawei video conferencing systems. Huawei VP9660 is a new generation of professional full HD video conferencing terminal products from China Huawei. A remote security bypass vulnerability exists in Huawei VP9660. An attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vp 9660",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r001c01"
},
{
"model": "vp 9660",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r001c02"
},
{
"model": "vp9660",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "vp 9660",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c30"
},
{
"model": "vp9660",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r001c30spc700"
},
{
"model": "vp9660 \u003cv200r001c30spc700",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vp 9660",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c30"
},
{
"model": "vp9660 v200r001c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c30spc700",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v200r001c30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:v200r001c02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:v200r001c01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "77559"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-8227",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2015-07795",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07799",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-86188",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8227",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07795",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86188",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. Huawei VP9660 is a multipoint controller for Huawei video conferencing systems. Huawei VP9660 is a new generation of professional full HD video conferencing terminal products from China Huawei. A remote security bypass vulnerability exists in Huawei VP9660. An attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "VULHUB",
"id": "VHN-86188"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8227",
"trust": 3.1
},
{
"db": "BID",
"id": "77559",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07795",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-07799",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "31617",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89930",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86188",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"id": "VAR-201511-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
}
],
"trust": 2.1294372150000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
}
]
},
"last_update_date": "2023-12-18T14:05:59.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151111-01-VP9660",
"trust": 0.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm"
},
{
"title": "Huawei VP9660 Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67213"
},
{
"title": "Huawei VP9660 Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67107"
},
{
"title": "Huawei VP9660 Multi-point control unit input verification vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58839"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/77559"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8227"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8227"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/31617"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461216.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"date": "2015-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-86188"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77559"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"date": "2015-11-24T20:59:17.393000",
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"date": "2016-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-86188"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77559"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"date": "2016-09-13T17:32:18.930000",
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"date": "2015-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei VP9660 Remote Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.