Session Management Vulnerability in Huawei VCN500
CVE-2015-8331

7.4HIGH

Key Information:

Vendor: Huawei
Status: Vcn500
Vendor: CVE Published:; 11 January 2016

Summary

The Huawei VCN500's Operation and Maintenance Unit (OMU) contains a flaw in session management, specifically in how it fails to invalidate session IDs following an abnormal exit. This oversight allows remote attackers to exploit the vulnerability for conducting replay attacks by reusing valid session IDs, potentially gaining unauthorized access to users' sessions and sensitive information.

References

http://www1.huawei.com/en/security/psirt/security-bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2016
Vulnerability Reserved
Nov 24, 2015