CVE-2015-7842

Name of the Vulnerable Software and Affected Versions Huawei FusionServer rack servers RH2288 V3 versions prior to V100R003C00SPC603 Huawei FusionServer rack servers RH2288H V3 versions prior to V100R003C00SPC503 Huawei FusionServer rack servers XH628 V3 versions prior to V100R003C00SPC602 Huawei FusionServer rack servers RH1288 V3 versions prior to V100R003C00SPC602 Huawei FusionServer rack servers RH2288A V2 versions prior to V100R002C00SPC701 Huawei FusionServer rack servers RH1288A V2 versions prior to V100R002C00SPC502 Huawei FusionServer rack servers RH8100 V3 versions prior to V100R003C00SPC110 Huawei FusionServer rack servers CH222 V3 versions prior to V100R001C00SPC161 Huawei FusionServer rack servers CH220 V3 versions prior to V100R001C00SPC161 Huawei FusionServer rack servers CH121 V3 versions prior to V100R001C00SPC161

Description The issue allows remote authenticated operators to change server information by leveraging a failure to verify user permissions. This can be exploited by authenticated operators, indicating a potential security risk in the affected Huawei FusionServer rack server models.

Recommendations For RH2288 V3 versions prior to V100R003C00SPC603, update to V100R003C00SPC603 or later. For RH2288H V3 versions prior to V100R003C00SPC503, update to V100R003C00SPC503 or later. For XH628 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later. For RH1288 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later. For RH2288A V2 versions prior to V100R002C00SPC701, update to V100R002C00SPC701 or later. For RH1288A V2 versions prior to V100R002C00SPC502, update to V100R002C00SPC502 or later. For RH8100 V3 versions prior to V100R003C00SPC110, update to V100R003C00SPC110 or later. For CH222 V3, CH220 V3, and CH121 V3 versions prior to V100R001C00SPC161, update to V100R001C00SPC161 or later.