Huawei Switches Permission Control Privilege Escalation (HWPSIRT-2015-08048)
Medium Nessus Plugin ID 89057
SynopsisThe remote device is affected by a privilege escalation vulnerability.
DescriptionThe remote Huawei switch is affected by a privilege escalation vulnerability related to improper interaction of user permissions when Authentication, Authorization, and Accounting (AAA) are enabled for permission control on the switch. An authenticated, remote attacker can exploit this to access the virtual type terminal (VTY) for gaining elevated privileges.
SolutionApply the appropriate firmware patch according to the vendor advisory.