Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-15352

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-15 Feb, 2018 | 16:00
Updated At-05 Aug, 2024 | 19:57
Rejected At-
Credits

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:15 Feb, 2018 | 16:00
Updated At:05 Aug, 2024 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei Technologies Co., Ltd.
Product
OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3
Versions
Affected
  • OceanStor 2800 V3 ,V300R003C00 ,V300R003C20 ,OceanStor 5300 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5500 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5600 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20 ,OceanStor 5800 V3 ,V300R003C00 ,V300R003C10 ,V300R003C20
Problem Types
TypeCWE IDDescription
textN/AImproper Access Control
Type: text
CWE ID: N/A
Description: Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en
x_refsource_CONFIRM
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:15 Feb, 2018 | 16:29
Updated At:03 Oct, 2019 | 00:03

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.03.1LOW
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
Primary2.02.9LOW
AV:A/AC:H/Au:S/C:P/I:N/A:P
Type: Primary
Version: 3.0
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
Type: Primary
Version: 2.0
Base score: 2.9
Base severity: LOW
Vector:
AV:A/AC:H/Au:S/C:P/I:N/A:P
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_2800_firmware>>v300r003c00
cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_2800_firmware>>v300r003c20
cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_2800>>-
cpe:2.3:h:huawei:oceanstor_2800:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5300_firmware>>v300r003c00
cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5300_firmware>>v300r003c10
cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5300_firmware>>v300r003c20
cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5300>>-
cpe:2.3:h:huawei:oceanstor_5300:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5500_firmware>>v300r003c00
cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5500_firmware>>v300r003c10
cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5500_firmware>>v300r003c20
cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5500>>-
cpe:2.3:h:huawei:oceanstor_5500:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5600_firmware>>v300r003c00
cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5600_firmware>>v300r003c10
cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c10:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5600_firmware>>v300r003c20
cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5600>>-
cpe:2.3:h:huawei:oceanstor_5600:-:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5800_firmware>>v300r003c00
cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c00:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5800_firmware>>v300r003c10
cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c10:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5800_firmware>>v300r003c20
cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c20:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>oceanstor_5800>>-
cpe:2.3:h:huawei:oceanstor_5800:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-enpsirt@huawei.com
Vendor Advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

16Records found
CVE-2023-1692
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 14:10
Updated-21 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-30413
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:03
Updated-28 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-7924
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-2.4||LOW
EPSS-0.03% / 5.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-anne-al00anne-al00_firmwareAnne-AL00
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-52116
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:24
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-52715
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 27.15%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 09:00
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-52107
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:25
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-52388
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:39
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIemuiharmonyos
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-52554
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.79%
||
7 Day CHG+0.01%
Published-08 Apr, 2024 | 09:01
Updated-13 Mar, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-4565
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-26 Sep, 2023 | 01:25
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-41295
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.78%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 11:02
Updated-24 Sep, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-54618
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 0.96%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 01:32
Updated-20 Aug, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-5212
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.59%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:39
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p20p20_firmwareP20
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-5222
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.53%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 21:38
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-honor_magic_2honor_magic_2_firmwareHonor Magic 2
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-34154
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 06:54
Updated-17 Dec, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-39992
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.46%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:03
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-8158
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.04%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
Details not found