CVE-2014-9137

Published Apr 2, 2017

Last updated 8 years ago

CVSS high 8.8

Overview

Description: Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "433EA4EE-77D4-40B7-8DD2-BC8500A498E9"
          },
          {
            "criteria": "cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53A333D1-1346-4CF3-A17A-25A8A5A92713"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15",
            "versionEndIncluding": "v200r001c01spc800"
          },
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52132C6A-9B3C-47A1-8889-7B55C3C2A639"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715",
            "versionEndIncluding": "v300r001c00spc900"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C",
            "versionEndIncluding": "v300r001c00spc900"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8",
            "versionEndIncluding": "v300r001c00spc900"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12",
            "versionEndIncluding": "v300r001c00spc900"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References