Brute Force Vulnerability in Huawei FusionServer Rack Servers
CVE-2015-7843

8.8HIGH

Key Information:

Vendor: Huawei
Status: Fusionserver Rh8100 V3; Fusionserver Rh1288a V2; Fusionserver Rh2288a V2; Fusionserver Rh1288 V3
Vendor: CVE Published:; 3 October 2017

Summary

The management interface on various Huawei FusionServer rack servers is susceptible to a brute force attack due to insufficient query attempt limits. Remote authenticated users may exploit this to gain access to higher-level user credentials, posing significant security risks. Affected models include multiple versions of the RH2288, RH1288, XH628, RH8100, and CH series servers, necessitating updates to the specified software versions to mitigate this vulnerability.

References

http://www1.huawei.com/en/security/psirt/security-bulleti...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76836

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Oct 16, 2015