CVE-2017-8156

{"id": "CVE-2017-8156", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2017-11-22T19:29:03.583", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow the attacker to take control over the outdoor unit."}, {"lang": "es", "value": "La unidad externa del producto CPE (Customer Premise Equipment) B2338-168 V100R001C00 tiene una vulnerabilidad de falta de autenticaci\u00f3n en el puerto en serie. Un atacante podr\u00eda acceder al puerto en serie de la placa base de la unidad externa e iniciar sesi\u00f3n en el CPE sin autenticaci\u00f3n. Un exploit exitoso podr\u00eda permitir que el atacante tome el control de la unidad externa."}], "lastModified": "2024-11-21T03:33:25.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:b2338-168_firmware:v100r001c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD789B64-6402-4D02-80F8-8B4AE3AD4D45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:b2338-168:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C2FBFF5-2AE7-4F3C-9D1D-111C07F75717"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}