Oceanstor Uds Firmware
by Huawei
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2254 | Cri | 0.59 | 9.1 | 0.01 | Mar 13, 2019 | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch. | ||
| CVE-2015-2252 | Hig | 0.57 | 8.8 | 0.02 | Jun 8, 2017 | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | ||
| CVE-2015-2251 | Hig | 0.49 | 7.5 | 0.01 | Jun 8, 2017 | The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | ||
| CVE-2016-5822 | Hig | 0.49 | 7.5 | 0.02 | Jan 27, 2017 | Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. | ||
| CVE-2016-5722 | Hig | 0.48 | 7.3 | 0.01 | Jun 24, 2016 | Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | ||
| CVE-2019-5267 | Med | 0.36 | 5.5 | 0.00 | Dec 23, 2019 | Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. | ||
| CVE-2015-2253 | Med | 0.33 | 5.0 | 0.01 | Jun 8, 2017 | The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. |
- risk 0.59cvss 9.1epss 0.01
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
- risk 0.57cvss 8.8epss 0.02
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
- risk 0.49cvss 7.5epss 0.01
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
- risk 0.49cvss 7.5epss 0.02
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.
- risk 0.48cvss 7.3epss 0.01
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
- risk 0.36cvss 5.5epss 0.00
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.
- risk 0.33cvss 5.0epss 0.01
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.