Password leak in Huawei products - CVE-2015-8086
Published: October 4, 2016 / Updated: January 17, 2020
Vulnerability identifier: #VU733
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2015-8086
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei S5300
Huawei S5700
Huawei Quidway S5300
Huawei S9300
Huawei S12700
Huawei Quidway S9300
Huawei AR
Huawei S5300
Huawei S5700
Huawei Quidway S5300
Huawei S9300
Huawei S12700
Huawei Quidway S9300
Huawei AR
Detailed vulnerability description
The vulnerability allows a remote authenticated administrators to obtain confidential information on the target system.
The weakness is caused by insufficient access control. By using vectors related to key storage attackers can access encryption keys and ciphertext passwords.
Successful exploitation of the vulnerability leads to passwords leak on the vulnerable system.
The weakness is caused by insufficient access control. By using vectors related to key storage attackers can access encryption keys and ciphertext passwords.
Successful exploitation of the vulnerability leads to passwords leak on the vulnerable system.
How to mitigate CVE-2015-8086
Update Huawei AR to V200R007C00SPC100.
Update Huawei Quidway S9300 to V200R009C00.
Update Huawei S12700 to V200R008C00SPC500.
Update Huawei S9300 to V200R007C00.
Update Huawei Quidway S5300 to V200R007C00.
Update Huawei S5700 to V200R007C00SPC500.
Update Huawei S5300 to V200R007C00.
Update Huawei Quidway S9300 to V200R009C00.
Update Huawei S12700 to V200R008C00SPC500.
Update Huawei S9300 to V200R007C00.
Update Huawei Quidway S5300 to V200R007C00.
Update Huawei S5700 to V200R007C00SPC500.
Update Huawei S5300 to V200R007C00.