#VU734 Password decryption in Huawei products - CVE-2015-8085 

 


Published: October 4, 2016 / Updated: January 17, 2020


Vulnerability identifier: #VU734
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2015-8085
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Huawei Quidway S5300
Huawei S5300
Huawei S5700
Huawei S9300
Huawei S12700
Huawei Quidway S9300
Huawei AR
Software vendor:
Huawei

Description

The vulnerability allows remote authenticated administrators to access and decrypt valid users' passwords.
The weakness exists due to insufficient access control. By leveraging the selection of a reversible encryption algorithm, attackers can obtain confidential data.
Successful exploitation of the vulnerability may result in password decryption.

Remediation

Update Huawei AR to V200R007C00SPC100.
Update Huawei Quidway S9300 to V200R009C00.
Update Huawei S12700 to V200R008C00SPC500.
Update Huawei S9300, Quidway S5300, and S5300 to V200R007C00.
Update Huawei S5700 to V200R007C00SPC500.

External links