CVE-2015-7843

Name of the Vulnerable Software and Affected Versions Huawei FusionServer rack servers RH2288 V3 versions prior to V100R003C00SPC603 Huawei FusionServer rack servers RH2288H V3 versions prior to V100R003C00SPC503 Huawei FusionServer rack servers XH628 V3 versions prior to V100R003C00SPC602 Huawei FusionServer rack servers RH1288 V3 versions prior to V100R003C00SPC602 Huawei FusionServer rack servers RH2288A V2 versions prior to V100R002C00SPC701 Huawei FusionServer rack servers RH1288A V2 versions prior to V100R002C00SPC502 Huawei FusionServer rack servers RH8100 V3 versions prior to V100R003C00SPC110 Huawei FusionServer rack servers CH222 V3 versions prior to V100R001C00SPC161 Huawei FusionServer rack servers CH220 V3 versions prior to V100R001C00SPC161 Huawei FusionServer rack servers CH121 V3 versions prior to V100R001C00SPC161

Description The management interface on the affected Huawei FusionServer rack servers does not limit the number of query attempts, allowing remote authenticated users to obtain credentials of higher-level users via a brute force attack.

Recommendations For RH2288 V3 versions prior to V100R003C00SPC603, update to V100R003C00SPC603 or later. For RH2288H V3 versions prior to V100R003C00SPC503, update to V100R003C00SPC503 or later. For XH628 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later. For RH1288 V3 versions prior to V100R003C00SPC602, update to V100R003C00SPC602 or later. For RH2288A V2 versions prior to V100R002C00SPC701, update to V100R002C00SPC701 or later. For RH1288A V2 versions prior to V100R002C00SPC502, update to V100R002C00SPC502 or later. For RH8100 V3 versions prior to V100R003C00SPC110, update to V100R003C00SPC110 or later. For CH222 V3, CH220 V3, and CH121 V3 versions prior to V100R001C00SPC161, update to V100R001C00SPC161 or later.