ByteOS Network

Vulnerability Details :

CVE-2016-8803

Assigner-huawei

Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e

Published At-02 Apr, 2017 | 20:00

Updated At-06 Aug, 2024 | 02:35

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:huawei

Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e

Published At:02 Apr, 2017 | 20:00

Updated At:06 Aug, 2024 | 02:35

▼CVE Numbering Authority (CNA)

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.

Affected Products

Vendor

n/a

Product

FusionStorage V100R003C30U1

Versions

Affected

FusionStorage V100R003C30U1

Problem Types

Type	CWE ID	Description
text	N/A	privilege escalation

Type: text

CWE ID: N/A

Description: privilege escalation

References

Hyperlink	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en	x_refsource_CONFIRM
http://www.securityfocus.com/bid/94507	vdb-entry x_refsource_BID

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/94507

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/94507	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/94507

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@huawei.com

Published At:02 Apr, 2017 | 20:59

Updated At:20 Apr, 2025 | 01:37

The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary	2.0	4.1	MEDIUM	AV:L/AC:M/Au:S/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.1

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:S/C:P/I:P/A:P

CPE Matches

Huawei Technologies Co., Ltd.

>>fusionstorage>>v100r003c30u1

cpe:2.3:a:huawei:fusionstorage:v100r003c30u1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en	psirt@huawei.com	Vendor Advisory
http://www.securityfocus.com/bid/94507	psirt@huawei.com	Third Party Advisory VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/bid/94507	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en

Source: psirt@huawei.com

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/94507

Source: psirt@huawei.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/94507

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Similar CVEs

1Records found

CVE-2016-8764

Matching Score-8

Assigner-Huawei Technologies

View Details

Matching Score-8

Assigner-Huawei Technologies

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 7.45%

7 Day CHG~0.00%

Published-02 Apr, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver.

Vendor-n/a Huawei Technologies Co., Ltd.

Product-p9_lite_firmware p9_lite p8_lite p9_firmware p8_lite_firmware p9 P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions

CWE ID-CWE-20

Improper Input Validation

CVE-2016-8803

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs