CVE-2017-17323 — MEDIUM (4.3)

Vulnerability Description

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Ibmc Firmware	v200r002c10
Huawei	Ibmc	-

Related Weaknesses (CWE)

CWE-863

References

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibVendor Advisory

FAQ

What is CVE-2017-17323?

CVE-2017-17323 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain i...

How severe is CVE-2017-17323?

CVE-2017-17323 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17323?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ibmc Firmware, Huawei Ibmc.