Physical Access Vulnerability in Huawei Routers and Switches
CVE-2015-7846

4.6MEDIUM

Key Information:

Vendor: Huawei
Status: S9300 Firmware
Vendor: CVE Published:; 25 September 2017

What is CVE-2015-7846?

Huawei products including the S7700, S9700, S9300 series and AR200, AR1200, AR2200, and AR3200 series prior to specific software versions are susceptible to an information disclosure vulnerability. An attacker with physical access to the CF card of these devices may exploit this weakness to retrieve sensitive information, which compromises the security posture of the affected systems. Organizations using these routers and switches should ensure that physical security measures are strictly enforced.

References

http://www1.huawei.com/en/security/psirt/security-bulleti...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/76173

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2017
Vulnerability Reserved
Oct 16, 2015