Privilege Elevation Vulnerability in UMA by Huawei
CVE-2017-8119

9.8CRITICAL

Key Information:

Vendor: McAfee
Status: Uma
Vendor: CVE Published:; 22 November 2017

What is CVE-2017-8119?

The UMA software from Huawei, specifically versions V200R001 and V300R001, is susceptible to a privilege elevation vulnerability stemming from inadequate parameter validation and processing. An attacker could exploit this weakness by sending specially crafted packets, potentially allowing them to gain elevated privileges within the affected system. It is essential for users to apply necessary patches and observe best practices to mitigate risk.

Affected Version(s)

UMA V200R001 and V300R001

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017

McAfee

What is CVE-2017-8119?

Affected Version(s)

References

CVSS V3.1

Timeline