VAR-201511-0199
Vulnerability from variot - Updated: 2023-12-18 14:05The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. Huawei VP9660 is a multipoint controller for Huawei video conferencing systems. Huawei VP9660 is a new generation of professional full HD video conferencing terminal products from China Huawei. A remote security bypass vulnerability exists in Huawei VP9660. An attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vp 9660",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r001c01"
},
{
"model": "vp 9660",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r001c02"
},
{
"model": "vp9660",
"scope": null,
"trust": 1.4,
"vendor": "huawei",
"version": null
},
{
"model": "vp 9660",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c30"
},
{
"model": "vp9660",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r001c30spc700"
},
{
"model": "vp9660 \u003cv200r001c30spc700",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "vp 9660",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c30"
},
{
"model": "vp9660 v200r001c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vp9660 v200r001c30spc700",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v200r001c30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:v200r001c02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:vp_9660_firmware:v200r001c01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "77559"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-8227",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2015-07795",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07799",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-86188",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8227",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07795",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86188",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. Huawei VP9660 is a multipoint controller for Huawei video conferencing systems. Huawei VP9660 is a new generation of professional full HD video conferencing terminal products from China Huawei. A remote security bypass vulnerability exists in Huawei VP9660. An attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "VULHUB",
"id": "VHN-86188"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8227",
"trust": 3.1
},
{
"db": "BID",
"id": "77559",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07795",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-07799",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "31617",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89930",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86188",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"id": "VAR-201511-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
}
],
"trust": 2.1294372150000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
}
]
},
"last_update_date": "2023-12-18T14:05:59.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151111-01-VP9660",
"trust": 0.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm"
},
{
"title": "Huawei VP9660 Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67213"
},
{
"title": "Huawei VP9660 Remote Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67107"
},
{
"title": "Huawei VP9660 Multi-point control unit input verification vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58839"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/77559"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8227"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8227"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/31617"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461216.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "VULHUB",
"id": "VHN-86188"
},
{
"db": "BID",
"id": "77559"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"date": "2015-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-86188"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77559"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"date": "2015-11-24T20:59:17.393000",
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07795"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"date": "2016-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-86188"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77559"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006026"
},
{
"date": "2016-09-13T17:32:18.930000",
"db": "NVD",
"id": "CVE-2015-8227"
},
{
"date": "2015-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei VP9660 Remote Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07799"
},
{
"db": "BID",
"id": "77559"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-391"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…