CVE-2015-2254

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/hw-417839	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:oceanstor_uds_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_uds:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-13 16:29

Updated : 2023-12-10 12:59

NVD link : CVE-2015-2254

Mitre link : CVE-2015-2254

CVE.ORG link : CVE-2015-2254

JSON object : View

Products Affected

huawei

oceanstor_uds
oceanstor_uds_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-2254", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-03-13T16:29:00.220", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/hw-417839", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch."}, {"lang": "es", "value": "Los dispositivos Huawei OceanStor UDS con software en CVErsiones anteriores a la V100R002C01SPC102 podr\u00edan permitir que los atacantes remotos capturen y cambien la informaci\u00f3n de carga de aprches, lo que resulta en la eliminaci\u00f3n de archivos del directorio y el compromiso de las funciones del sistema al cargar un parche."}], "lastModified": "2019-03-14T13:43:59.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:oceanstor_uds_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F34E772-46BC-49A7-B87F-A2DCF6AA6F41", "versionEndExcluding": "100r002c01spc102"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:oceanstor_uds:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC160639-5146-4E47-B2A5-E8B466C8ABD2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}