Huawei Switches Permission Control Privilege Escalation (HWPSIRT-2015-08048)

medium Nessus Plugin ID 89057

Synopsis

The remote device is affected by a privilege escalation vulnerability.

Description

The remote Huawei switch is affected by a privilege escalation vulnerability caused by improper interaction of user permissions when Authentication, Authorization, and Accounting (AAA) is enabled for permission control on the switch. An authenticated, remote attacker can exploit this to access the virtual type terminal (VTY) and gain elevated privileges.

Solution

Apply the appropriate firmware patch according to the vendor advisory.

See Also

http://www.nessus.org/u?b93d8c11

Plugin Details

Severity: Medium

ID: 89057

File Name: huawei-SA-20160217-01-Switch.nasl

Version: 1.6

Type: combined

Published: 3/1/2016

Updated: 1/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:huawei:versatile_routing_platform

Required KB Items: Settings/ParanoidReport, Host/Huawei/VRP/Series, Host/Huawei/VRP/Version, Host/Huawei/VRP/Model

Patch Publication Date: 2/17/2016

Vulnerability Publication Date: 2/17/2016