Huawei OceanStor 5600 up to V300R003C00C10 command injection

A vulnerability classified as critical has been found in Huawei OceanStor 5600 up to V300R003C00C10. This affects an unknown part. The manipulation leads to command injection. The CWE definition for the vulnerability is CWE-77. The bug was discovered on 12/07/2016. The weakness was published on 04/02/2017 as sa-20161207-01 (Website). The advisory is shared at huawei.com. This vulnerability is uniquely identified as CVE-2016-8801. It is possible to initiate the attack remotely. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. The MITRE ATT&CK project uses the attack technique T1202 for this issue. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 116 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94832).

| Field | 04/03/2017 09:09 AM | 08/25/2020 10:14 AM | 11/24/2022 03:47 PM |
|---|---|---|---|
| vendor | Huawei | Huawei | Huawei |
| name | OceanStor 5600 | OceanStor 5600 | OceanStor 5600 |
| version | <=V300R003C00C10 | <=V300R003C00C10 | <=V300R003C00C10 |
| cwe | 77 (command injection) | 77 (command injection) | 77 (command injection) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | C | C | C |
| cvss2_nvd_ii | C | C | C |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 5.9 | 5.9 | 5.9 |
| cvss3_meta_tempscore | 5.9 | 5.9 | 5.9 |
| cvss3_vuldb_basescore | 4.7 | 4.7 | 4.7 |
| cvss3_vuldb_tempscore | 4.7 | 4.7 | 4.7 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | H | H | H |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve | CVE-2016-8801 | CVE-2016-8801 | CVE-2016-8801 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 | 1491091200 |
| cve_nvd_summary | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. |
| securityfocus | 94832 | 94832 | 94832 |
| securityfocus_title | Huawei Storage Products CVE-2016-8801 Remote Privilege Escalation Vulnerability | Huawei Storage Products CVE-2016-8801 Remote Privilege Escalation Vulnerability | Huawei Storage Products CVE-2016-8801 Remote Privilege Escalation Vulnerability |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 116 | 116 | 116 |
| cvss3_nvd_basescore | 7.2 | 7.2 | 7.2 |
| discoverydate | | 1481068800 | 1481068800 |
| confirm_url | | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en |
| osvdb_title | | CVE-2016-8801 - Huawei - OceanStor 5600 V3 - Privilege Escalation Issue | CVE-2016-8801 - Huawei - OceanStor 5600 V3 - Privilege Escalation Issue |
| securityfocus_date | | 1481068800 (12/07/2016) | 1481068800 (12/07/2016) |
| securityfocus_class | | Design Error | Design Error |
| identifier | | | sa-20161207-01 |
| cvss2_nvd_basescore | | | 9.0 |
