PT-2015-7766 · Huawei · Huawei Video Content Management+1

Published

2015-11-25

Updated

2017-09-08

CVE-2015-8332

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Huawei Video Content Management (VCM) versions prior to V100R001C10SPC001

Description The issue arises from improper authentication of online user identities and privileges, allowing remote authenticated users to gain privileges and perform operations as another user via crafted messages. This can lead to horizontal privilege escalation, where an attacker can send malicious messages to the server and perform illegitimate operations on cases created by other users, affecting other user operations.

Recommendations For versions prior to V100R001C10SPC001, update to V100R001C10SPC001 or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2015-8332

Affected Products

Huawei Vrp

Huawei Video Content Management

PT-2015-7766 · Huawei · Huawei Video Content Management+1

CVE-2015-8332

Weakness Enumeration

Related Identifiers

Affected Products

References · 4