Huawei Switches Permission Control Privilege Escalation (HWPSIRT-2015-08048)

medium Nessus Plugin ID 89057

Language:

Synopsis

The remote device is affected by a privilege escalation vulnerability.

Description

The remote Huawei switch is affected by a privilege escalation vulnerability related to improper interaction of user permissions when Authentication, Authorization, and Accounting (AAA) are enabled for permission control on the switch. An authenticated, remote attacker can exploit this to access the virtual type terminal (VTY) for gaining elevated privileges.

Solution

Apply the appropriate firmware patch according to the vendor advisory.

Plugin Details

Severity: Medium

ID: 89057

File Name: huawei-SA-20160217-01-Switch.nasl

Version: 1.6

Type: combined

Family: Huawei Local Security Checks

Published: 3/1/2016

Updated: 1/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:huawei:versatile_routing_platform

Required KB Items: Settings/ParanoidReport, Host/Huawei/VRP/Series, Host/Huawei/VRP/Version, Host/Huawei/VRP/Model

Patch Publication Date: 2/17/2016

Vulnerability Publication Date: 2/17/2016

Detections

Analytics