Privilege Elevation Vulnerability in UMA Product by Huawei
CVE-2017-8128

9.8CRITICAL

Key Information:

Vendor: McAfee
Status: Uma
Vendor: CVE Published:; 15 November 2017

What is CVE-2017-8128?

The UMA product from Huawei is impacted by a privilege elevation vulnerability arising from insufficient validation and improper processing of parameters. An attacker could exploit this weakness by crafting specific packets, allowing them to gain elevated privileges within the system. It is critical for users of UMA versions V200R001 and V300R001 to apply the necessary security updates and ensure their systems are protected against potential exploitation.

Affected Version(s)

UMA V200R001 and V300R001

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2017
Vulnerability Reserved
Apr 25, 2017

McAfee

What is CVE-2017-8128?

Affected Version(s)

References

CVSS V3.1

Timeline