Home

CVE-2017-15327

Description

S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.106

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-8773 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2017-17300 are affected in s12700_firmware v200r009c00NCM
Multiple Vulnerabilities affected in s12700_firmware v200r008c00NCM
Vulnerabilities CVE-2016-8773 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-19397 are affected in s12700_firmware v200r007c01NCM
Multiple Vulnerabilities affected in s12700_firmware v200r007c00NCM
Vulnerabilities CVE-2016-8786 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-5285 are affected in s12700_firmware v200r006c00NCM
Multiple Vulnerabilities affected in s12700_firmware v200r005c00NCM
Vulnerabilities CVE-2017-15327 ,CVE-2019-19397 ,CVE-2019-5285 are affected in s12700_firmware v200r010c00NCM
Vulnerabilities CVE-2017-15327 are affected in s12700_firmware v200r008c06NCM
Vulnerabilities CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-19397 are affected in s12700_firmware v200r007c20NCM
Vulnerabilities CVE-2017-15327 are affected in s12700_firmware v200r006c01NCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15327)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234