Insecure HTTP Download in Huawei HiSuite PC Client Software
CVE-2016-8273
7.8HIGH
Summary
The Huawei HiSuite PC client software version 4.0.5.300_OVE is vulnerable due to its use of insecure HTTP for downloading upgrade software packages. This flaw allows attackers to potentially perform Man-In-The-Middle (MITM) attacks, enabling them to intercept or alter the downloaded software before installation. Moreover, the software does not verify the integrity of the downloaded package, further exacerbating the risk. Users are strongly advised to implement security measures to mitigate the threat posed by this vulnerability.
Affected Version(s)
HiSuite 4.0.5.300_OVE HiSuite 4.0.5.300_OVE
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved