PT-2016-7156 · Huawei · Huawei E9000+1
Published
2016-09-07
·
Updated
2016-09-08
·
CVE-2016-6898
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei E9000 rack servers with software before V100R001C00SPC296
Description
The issue is related to an XML external entity (XXE) vulnerability in the Hyper Management Module (HMM). This allows remote authenticated users to read arbitrary files or cause a denial of service, resulting in a web service outage, by sending a crafted XML document.
Recommendations
For Huawei E9000 rack servers with software before V100R001C00SPC296, update to V100R001C00SPC296 or later to resolve the issue. As a temporary workaround, consider restricting access to the HMM to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei E9000
Hyper Module Management