Remote Code Execution Vulnerability in Huawei OceanStor UDS Devices
CVE-2015-2253

5MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
8 June 2017

Summary

The XML interface in Huawei OceanStor UDS devices prior to version V100R002C01SPC102 is susceptible to a vulnerability that enables remote authenticated users to obtain sensitive data. By sending specially crafted XML documents, attackers can exploit this weakness to gain unauthorized access to confidential information, raising significant security concerns for organizations relying on these devices.

References

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.