nvd-json-data-feeds/CVE-2015/CVE-2015-83xx/CVE-2015-8331.json

{
  "id": "CVE-2015-8331",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2016-01-11T15:59:04.543",
  "lastModified": "2016-01-11T23:36:51.633",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an \"abnormal exit\" occurs, which allows remote attackers to conduct replay attacks via the session ID."
    },
    {
      "lang": "es",
      "value": "The Operation and Maintenance Unit (OMU) en Huawei VCN500 con software en versiones anteriores a V100R002C00SPC200 no invalida adecuadamente la ID de sesi\u00f3n cuando ocurre un \"\"abnormal exit\", lo que permite a atacantes remotos llevar a cabo ataques de repetici\u00f3n a trav\u00e9s de una ID de sesi\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:huawei:vcn500:v100r002c00spc200b010:*:*:*:*:*:*:*",
              "matchCriteriaId": "280BB8D6-0B28-4CC0-86A5-E60B89E99380"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:huawei:vcn500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E191C10C-39A6-4F67-A714-76B0D8CD1B8B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}