Huawei Switches Permission Control Privilege Escalation (HWPSIRT-2015-08048)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a privilege escalation vulnerability.

Description :

The remote Huawei switch is affected by a privilege escalation
vulnerability related to improper interaction of user permissions when
Authentication, Authorization, and Accounting (AAA) are enabled for
permission control on the switch. An authenticated, remote attacker
can exploit this to access the virtual type terminal (VTY) for gaining
elevated privileges.

See also :

http://www.nessus.org/u?b93d8c11

Solution :

Apply the appropriate firmware patch according to the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Huawei Local Security Checks

Nessus Plugin ID: 89057 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now