CVE-2015-8086

moderate-risk

Published 2016-10-03

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Quidway S5300 Firmware

Quidway S9300 Firmware

S5700 Firmware

S12700 Firmware

Ar Firmware

S5300 Firmware

S9300 Firmware

Quidway S9300 Firmware

S5700 Firmware

S12700 Firmware

Ar Firmware

S5300 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-455876

http://www.securityfocus.com/bid/76897

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-455876

http://www.securityfocus.com/bid/76897

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 20/34 · Moderate