CVE-2014-9137 - OpenCVE

Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Usg9500 Firmware Usg2200 Usg2200 Firmware Usg5500 Firmware Usg5100 Firmware Usg5500 Usg5100 Usg2100 Usg9500 Usg2100 Firmware Fusionmanager

Configuration 1 [-]

OR	cpe:2.3:a:huawei:fusionmanager:v100r002c03:::::::*
	cpe:2.3:a:huawei:fusionmanager:v100r003c00:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:usg9500_firmware::::::::
	cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:::::::*

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/hw-372186	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2017-04-02T19:57:01

Reserved: 2014-11-28T00:00:00

Link: CVE-2014-9137

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-02T20:59:00.470

Modified: 2017-04-07T12:10:45.547

Link: CVE-2014-9137

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,", "vendor": "n/a", "versions": [{"status": "affected", "version": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."}], "problemTypes": [{"descriptions": [{"description": "CSRF", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-02T19:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2014-9137", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,", "version": {"version_data": [{"version_value": "USG9500,USG2100,USG2200,USG5100,USG5500, USG9500 V200R001C01SPC800 and earlier versions, All V300R001C00 versions,USG2100 V300R001C00SPC900 and earlier versions,USG2200 V300R001C00SPC900,USG5100 V300R001C00SPC900,"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CSRF"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2014-9137", "datePublished": "2017-04-02T20:00:00", "dateReserved": "2014-11-28T00:00:00", "dateUpdated": "2017-04-02T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r002c03:*:*:*:*:*:*:*", "matchCriteriaId": "433EA4EE-77D4-40B7-8DD2-BC8500A498E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:fusionmanager:v100r003c00:*:*:*:*:*:*:*", "matchCriteriaId": "53A333D1-1346-4CF3-A17A-25A8A5A92713", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg9500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EB84AA3-8F2D-40F4-998F-D8941C38EB15", "versionEndIncluding": "v200r001c01spc800", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v300r001c00:*:*:*:*:*:*:*", "matchCriteriaId": "52132C6A-9B3C-47A1-8889-7B55C3C2A639", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C486D62-23FD-4D64-AF97-2A70B1D6B715", "versionEndIncluding": "v300r001c00spc900", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "56136202-9759-4A86-A52B-AE841319C4DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg2200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD11D623-1A81-4535-9BA1-1C5A118FE70C", "versionEndIncluding": "v300r001c00spc900", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A78C3EBF-B7B0-4239-95CF-588D78FF6BA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg5100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B881A96B-5B20-44D3-A039-7EFFEFEFFAF8", "versionEndIncluding": "v300r001c00spc900", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "5140E0A4-AA43-4410-BE72-7A751B8025D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:usg5500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1799A24D-062B-4E70-BB59-41B8BC7D0A12", "versionEndIncluding": "v300r001c00spc900", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:usg5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC12456-351D-4DA4-8576-7FE9157E61DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."}, {"lang": "es", "value": "Huawei USG9500 con software V200R001C01SPC800 y versiones anteriores, V300R001C00; USG2100 con software V300R001C00SPC900 y versiones anteriores; USG2200 con software V300R001C00SPC900; USG5100 con software V300R001C00SPC900 podr\u00edan permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web."}], "id": "CVE-2014-9137", "lastModified": "2017-04-07T12:10:45.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:00.470", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}