Vulnerability Monitor

CVE-2016-5722


Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.


Published

2016-06-24T17:59:04.597

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-200

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Hardware | huawei | ocean_stor_18500_v3 | - | No |
| Hardware | huawei | ocean_stor_18800_v3 | - | No |
| Application | huawei | ocean_stor_firmware | ≤ v300r003c00spc100 | Yes |
| Hardware | huawei | ocean_stor_5300_v3 | - | No |
| Hardware | huawei | ocean_stor_5500_v3 | - | No |
| Hardware | huawei | ocean_stor_5600_v3 | - | No |
| Hardware | huawei | ocean_stor_5800_v3 | - | No |
| Hardware | huawei | ocean_stor_6800_v3 | - | No |
| Application | huawei | ocean_stor_firmware | ≤ v300r002c10spc200 | Yes |
| Application | huawei | ocean_stor_firmware | ≤ v300r003c00spc100 | Yes |
