Privilege Elevation Vulnerability in Huawei UMA Software
CVE-2017-8120

9.8CRITICAL

Key Information:

Vendor: McAfee
Status: Uma
Vendor: CVE Published:; 22 November 2017

Summary

The UMA software from Huawei versions V200R001 and V300R001 is susceptible to a privilege elevation vulnerability. This flaw arises from inadequate validation or mismanagement of parameters, enabling an attacker to send specially crafted packets designed to exploit the vulnerability. By successfully executing this attack, the unauthorized party could achieve elevated privileges within the affected system, compromising the integrity and security of sensitive operations.

Affected Version(s)

UMA V200R001 and V300R001

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017