CVE-2015-8228

Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:ar_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:huawei:ar160::::::::
	cpe:2.3:h:huawei:ar200::::::::
	cpe:2.3:h:huawei:ar500::::::::
	cpe:2.3:h:huawei:ar150::::::::
	cpe:2.3:h:huawei:ar1200::::::::
	cpe:2.3:h:huawei:ar2200::::::::
	cpe:2.3:h:huawei:ar3200::::::::
	cpe:2.3:h:huawei:ar3600::::::::
	cpe:2.3:h:huawei:ar120::::::::

Information

Published : 2015-11-24 20:59

Updated : 2015-11-25 18:31

NVD link : CVE-2015-8228

Mitre link : CVE-2015-8228

JSON object : View

Products Affected

huawei

ar_firmware
ar150
ar120
ar3600
ar200
ar1200
ar160
ar3200
ar500
ar2200

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm", "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-8228", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-11-24T20:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:huawei:ar_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "v200r006c10"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:huawei:ar160:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar200:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar500:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar150:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar1200:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar2200:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar3200:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar3600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:huawei:ar120:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-11-25T18:31Z"}