CVE-2017-15352

low-risk
Published 2018-02-15

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10 Low
ADJACENT_NETWORK / HIGH complexity

Affected Products (14)

Oceanstor 2800 Firmware
Oceanstor 2800 Firmware
Oceanstor 5300 Firmware
Oceanstor 5300 Firmware
Oceanstor 5300 Firmware
Oceanstor 5500 Firmware
Oceanstor 5500 Firmware
Oceanstor 5500 Firmware
Oceanstor 5600 Firmware
Oceanstor 5600 Firmware
Oceanstor 5600 Firmware
Oceanstor 5800 Firmware
Oceanstor 5800 Firmware
Oceanstor 5800 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanst...
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanst...
26
/ 100
low-risk
Severity 8/34 · Low
Exploitability 0/34 · Minimal
Exposure 18/34 · Moderate