Remote Code Execution Vulnerability in Huawei OceanStor UDS Devices
CVE-2015-2253

5MEDIUM

Key Information:

Vendor: Huawei
Status: Oceanstor Uds Firmware
Vendor: CVE Published:; 8 June 2017

Summary

The XML interface in Huawei OceanStor UDS devices prior to version V100R002C01SPC102 is susceptible to a vulnerability that enables remote authenticated users to obtain sensitive data. By sending specially crafted XML documents, attackers can exploit this weakness to gain unauthorized access to confidential information, raising significant security concerns for organizations relying on these devices.

References

http://www1.huawei.com/en/security/psirt/security-bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2017
Vulnerability Reserved
Mar 9, 2015