CVE-2015-8675

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.

CVSS v3 6.2 MEDIUM
CVSS v2.0 2.1 LOW

6.2^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en	Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:s5300_firmware:v200r005c02:*:*:*:*:*:*:*

cpe:2.3:h:huawei:s5300:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-15 19:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-8675

Mitre link : CVE-2015-8675

CVE.ORG link : CVE-2015-8675

JSON object : View

Products Affected

huawei

s5300_firmware
s5300

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2015-8675", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2016-01-15T19:59:00.117", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display."}, {"lang": "es", "value": "Switches Huawei S5300 Campus Series con software anterior a V200R005SPH008 no enmascara la contrase\u00f1a cuando se cargan archivos, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible de contrase\u00f1a leyendo la pantalla."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:s5300_firmware:v200r005c02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDC356D3-F015-46A0-8F7A-1C594F19535B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:s5300:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF480893-332C-48EB-9402-0E3ABEE28C2A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}