VAR-201609-0489
Vulnerability from variot - Updated: 2023-12-18 13:24Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. Huawei UMA is prone to multiple command-injection vulnerabilities. Attackers can exploit these issues to obtain sensitive information or execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. Versions prior to UMA V200R001C00SPC200 are vulnerable. Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "uma",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r001c00spc100"
},
{
"model": "unified maintenance and audit",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r001c00spc200"
},
{
"model": "uma",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r001c00spc100"
},
{
"model": "uma v200r001c00spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "uma v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "uma v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "uma v200r001c00spc200",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92617"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:uma:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v200r001c00spc100",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Third Research Institute of Ministry of Public Security.",
"sources": [
{
"db": "BID",
"id": "92617"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-7109",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95929",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7109",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7109",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-521",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95929",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95929"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via \"special characters,\" a different vulnerability than CVE-2016-7110. Huawei UMA is prone to multiple command-injection vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information or execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. \nVersions prior to UMA V200R001C00SPC200 are vulnerable. Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "BID",
"id": "92617"
},
{
"db": "VULHUB",
"id": "VHN-95929"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7109",
"trust": 2.8
},
{
"db": "BID",
"id": "92617",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34741",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95929",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95929"
},
{
"db": "BID",
"id": "92617"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"id": "VAR-201609-0489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95929"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:24:37.064000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20160824-01-uma",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"title": "Huawei UMA Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63820"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95929"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92617"
},
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7109"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7109"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34741"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-uma-en"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95929"
},
{
"db": "BID",
"id": "92617"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95929"
},
{
"db": "BID",
"id": "92617"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-95929"
},
{
"date": "2016-08-24T00:00:00",
"db": "BID",
"id": "92617"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"date": "2016-09-07T19:28:24.787000",
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"date": "2016-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-95929"
},
{
"date": "2016-08-30T19:00:00",
"db": "BID",
"id": "92617"
},
{
"date": "2016-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004567"
},
{
"date": "2016-09-08T14:45:07.973000",
"db": "NVD",
"id": "CVE-2016-7109"
},
{
"date": "2016-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Unified Maintenance Audit Vulnerabilities in arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-521"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…