Huawei Switches Permission Control Privilege Escalation (HWPSIRT-2015-08048)

Medium Nessus Plugin ID 89057


The remote device is affected by a privilege escalation vulnerability.


The remote Huawei switch is affected by a privilege escalation vulnerability related to improper interaction of user permissions when Authentication, Authorization, and Accounting (AAA) are enabled for permission control on the switch. An authenticated, remote attacker can exploit this to access the virtual type terminal (VTY) for gaining elevated privileges.


Apply the appropriate firmware patch according to the vendor advisory.

See Also

Plugin Details

Severity: Medium

ID: 89057

File Name: huawei-SA-20160217-01-Switch.nasl

Version: $Revision: 1.2 $

Type: combined

Published: 2016/03/01

Modified: 2017/08/15

Dependencies: 76795

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:huawei:versatile_routing_platform

Required KB Items: Host/Huawei/VRP/Series, Host/Huawei/VRP/Version, Host/Huawei/VRP/Model, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/02/17

Vulnerability Publication Date: 2016/02/17

Reference Information

OSVDB: 134752