VAR-201511-0201
Vulnerability from variot - Updated: 2023-12-18 12:30Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device. Huawei eSpace U2980 and U2990 are both Huawei's telephone switch products. A denial of service vulnerability exists in the Huawei eSpace U2980 and U2990 switches. An attacker could exploit the vulnerability to cause a program to deny legitimate users. Huawei eSpace U2980 and U2990 have security vulnerabilities because no error correction mechanism is used when processing specific signal packets. The attacker sends malformed packets, which can cause some services of U2990 and U2980 to refuse service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "espace u2990",
"scope": null,
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980",
"scope": null,
"trust": 1.2,
"vendor": "huawei",
"version": null
},
{
"model": "espace",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r001c02"
},
{
"model": "espace",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c02"
},
{
"model": "espace u2980 unified gateway",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2990 unified gateway",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "espace",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v100r001c10 (espace u2980)"
},
{
"model": "espace",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r001c10 (espace u2990)"
},
{
"model": "espace",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c02"
},
{
"model": "espace",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v100r001c02"
},
{
"model": "espace u2990 v200r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980 v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2990 v200r001c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980 v100r001c10",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "BID",
"id": "77556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:espace_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v100r001c02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:espace_unified_gateway_u2980:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:espace_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v200r001c02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:espace_unified_gateway_u2990:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei",
"sources": [
{
"db": "BID",
"id": "77556"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-8229",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07772",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07793",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-86190",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8229",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07772",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07793",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-393",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "VULHUB",
"id": "VHN-86190"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device. Huawei eSpace U2980 and U2990 are both Huawei\u0027s telephone switch products. A denial of service vulnerability exists in the Huawei eSpace U2980 and U2990 switches. An attacker could exploit the vulnerability to cause a program to deny legitimate users. Huawei eSpace U2980 and U2990 have security vulnerabilities because no error correction mechanism is used when processing specific signal packets. The attacker sends malformed packets, which can cause some services of U2990 and U2980 to refuse service",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "BID",
"id": "77556"
},
{
"db": "VULHUB",
"id": "VHN-86190"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8229",
"trust": 3.1
},
{
"db": "BID",
"id": "77556",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07772",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-07793",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "31619",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89928",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86190",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "VULHUB",
"id": "VHN-86190"
},
{
"db": "BID",
"id": "77556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"id": "VAR-201511-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "VULHUB",
"id": "VHN-86190"
}
],
"trust": 2.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
}
]
},
"last_update_date": "2023-12-18T12:30:11.186000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151111-01-eSpace",
"trust": 0.8,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461219.htm"
},
{
"title": "Huawei eSpace U2980 and U2990 denial of service vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67109"
},
{
"title": "Huawei eSpace U2980/2990 denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67215"
},
{
"title": "Huawei eSpace U2980 and U2990 Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58841"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86190"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461219.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/77556"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8229"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8229"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/31619"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461219.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "VULHUB",
"id": "VHN-86190"
},
{
"db": "BID",
"id": "77556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"db": "VULHUB",
"id": "VHN-86190"
},
{
"db": "BID",
"id": "77556"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"date": "2015-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-86190"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77556"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"date": "2015-11-24T20:59:22.147000",
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07772"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07793"
},
{
"date": "2016-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-86190"
},
{
"date": "2015-11-11T00:00:00",
"db": "BID",
"id": "77556"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006028"
},
{
"date": "2016-08-18T16:34:42.143000",
"db": "NVD",
"id": "CVE-2015-8229"
},
{
"date": "2015-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eSpace U2980 and U2990 Unified Gateway Service disruption in other software (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006028"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-393"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…