Arbitrary Command Execution Vulnerability in Huawei Unified Maintenance Audit
CVE-2016-7109

9.8CRITICAL

Key Information:

Vendor: Huawei
Status: Uma
Vendor: CVE Published:; 7 September 2016

Summary

The Huawei Unified Maintenance Audit (UMA) prior to version V200R001C00SPC200 is susceptible to a vulnerability that allows remote attackers to execute arbitrary commands. This security flaw arises from improper handling of 'special characters', which can be exploited to perform unauthorized actions on the affected systems. It is crucial for users of this product to be aware of this risk and apply the necessary updates to mitigate potential threats.

References

http://www.securityfocus.com/bid/92617

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2016
Vulnerability Reserved
Aug 29, 2016