PT-2017-7462 · Huawei · Huawei Logcenter

Published

2017-04-02

Updated

2017-04-05

CVE-2015-8671

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Huawei LogCenter version V100R001C10

Description The issue allows an authenticated attacker to tamper with requests and submit them to the server for privilege escalation, which can affect some system functions.

Recommendations For Huawei LogCenter version V100R001C10, consider restricting access to system functions that can be affected by privilege escalation until a fix is available. As a temporary workaround, monitor server requests for any signs of tampering and consider implementing additional authentication measures to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-8671

Affected Products

Huawei Logcenter

PT-2017-7462 · Huawei · Huawei Logcenter

CVE-2015-8671

Weakness Enumeration

Related Identifiers

Affected Products

References · 2