CVE-2016-2404
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation.
Switches Huawei S5700, S6700, S7700, S9700 con software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 con software V200R005C00SPC500, V200R006C00; ACU2 con software V200R005C00SPC500, V200R006C00 tiene una vulnerabilidad de control de permisos. Si un switch habilita Authentication, Authorization y Accounting (AAA) para el control de permisos y los permisos de usuario no son apropiados, los usuarios AAA pueden obtener el permiso de acceso al terminal de tipo virtual (VTY), resultando en una escalada de privilegios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-02-18 CVE Reserved
- 2017-04-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en | 2017-04-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | S5700 Firmware Search vendor "Huawei" for product "S5700 Firmware" | v200r001c00spc300 Search vendor "Huawei" for product "S5700 Firmware" and version "v200r001c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S5700 Search vendor "Huawei" for product "S5700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S5700 Firmware Search vendor "Huawei" for product "S5700 Firmware" | v200r002c00spc100 Search vendor "Huawei" for product "S5700 Firmware" and version "v200r002c00spc100" | - |
Affected
| in | Huawei Search vendor "Huawei" | S5700 Search vendor "Huawei" for product "S5700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S5700 Firmware Search vendor "Huawei" for product "S5700 Firmware" | v200r003c00spc300 Search vendor "Huawei" for product "S5700 Firmware" and version "v200r003c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S5700 Search vendor "Huawei" for product "S5700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S5700 Firmware Search vendor "Huawei" for product "S5700 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "S5700 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | S5700 Search vendor "Huawei" for product "S5700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S5700 Firmware Search vendor "Huawei" for product "S5700 Firmware" | v200r006c00 Search vendor "Huawei" for product "S5700 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | S5700 Search vendor "Huawei" for product "S5700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S6700 Firmware Search vendor "Huawei" for product "S6700 Firmware" | v200r001c00spc300 Search vendor "Huawei" for product "S6700 Firmware" and version "v200r001c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S6700 Search vendor "Huawei" for product "S6700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S6700 Firmware Search vendor "Huawei" for product "S6700 Firmware" | v200r002c00spc100 Search vendor "Huawei" for product "S6700 Firmware" and version "v200r002c00spc100" | - |
Affected
| in | Huawei Search vendor "Huawei" | S6700 Search vendor "Huawei" for product "S6700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S6700 Firmware Search vendor "Huawei" for product "S6700 Firmware" | v200r003c00spc300 Search vendor "Huawei" for product "S6700 Firmware" and version "v200r003c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S6700 Search vendor "Huawei" for product "S6700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S6700 Firmware Search vendor "Huawei" for product "S6700 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "S6700 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | S6700 Search vendor "Huawei" for product "S6700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S6700 Firmware Search vendor "Huawei" for product "S6700 Firmware" | v200r006c00 Search vendor "Huawei" for product "S6700 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | S6700 Search vendor "Huawei" for product "S6700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S7700 Firmware Search vendor "Huawei" for product "S7700 Firmware" | v200r001c00spc300 Search vendor "Huawei" for product "S7700 Firmware" and version "v200r001c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S7700 Search vendor "Huawei" for product "S7700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S7700 Firmware Search vendor "Huawei" for product "S7700 Firmware" | v200r002c00spc100 Search vendor "Huawei" for product "S7700 Firmware" and version "v200r002c00spc100" | - |
Affected
| in | Huawei Search vendor "Huawei" | S7700 Search vendor "Huawei" for product "S7700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S7700 Firmware Search vendor "Huawei" for product "S7700 Firmware" | v200r003c00spc300 Search vendor "Huawei" for product "S7700 Firmware" and version "v200r003c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S7700 Search vendor "Huawei" for product "S7700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S7700 Firmware Search vendor "Huawei" for product "S7700 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "S7700 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | S7700 Search vendor "Huawei" for product "S7700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S7700 Firmware Search vendor "Huawei" for product "S7700 Firmware" | v200r006c00 Search vendor "Huawei" for product "S7700 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | S7700 Search vendor "Huawei" for product "S7700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S9700 Firmware Search vendor "Huawei" for product "S9700 Firmware" | v200r001c00spc300 Search vendor "Huawei" for product "S9700 Firmware" and version "v200r001c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S9700 Search vendor "Huawei" for product "S9700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S9700 Firmware Search vendor "Huawei" for product "S9700 Firmware" | v200r002c00spc100 Search vendor "Huawei" for product "S9700 Firmware" and version "v200r002c00spc100" | - |
Affected
| in | Huawei Search vendor "Huawei" | S9700 Search vendor "Huawei" for product "S9700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S9700 Firmware Search vendor "Huawei" for product "S9700 Firmware" | v200r003c00spc300 Search vendor "Huawei" for product "S9700 Firmware" and version "v200r003c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | S9700 Search vendor "Huawei" for product "S9700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S9700 Firmware Search vendor "Huawei" for product "S9700 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "S9700 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | S9700 Search vendor "Huawei" for product "S9700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S9700 Firmware Search vendor "Huawei" for product "S9700 Firmware" | v200r006c00 Search vendor "Huawei" for product "S9700 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | S9700 Search vendor "Huawei" for product "S9700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S12700 Firmware Search vendor "Huawei" for product "S12700 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "S12700 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | S12700 Search vendor "Huawei" for product "S12700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | S12700 Firmware Search vendor "Huawei" for product "S12700 Firmware" | v200r006c00 Search vendor "Huawei" for product "S12700 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | S12700 Search vendor "Huawei" for product "S12700" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Acu2 Firmware Search vendor "Huawei" for product "Acu2 Firmware" | v200r005c00spc500 Search vendor "Huawei" for product "Acu2 Firmware" and version "v200r005c00spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | Acu2 Search vendor "Huawei" for product "Acu2" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Acu2 Firmware Search vendor "Huawei" for product "Acu2 Firmware" | v200r006c00 Search vendor "Huawei" for product "Acu2 Firmware" and version "v200r006c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Acu2 Search vendor "Huawei" for product "Acu2" | - | - |
Safe
|