Privilege Elevation Vulnerability in Huawei UMA Products
CVE-2017-8129

9.8CRITICAL

Key Information:

Vendor: McAfee
Status: Uma
Vendor: CVE Published:; 22 November 2017

Summary

The UMA product from Huawei contains a vulnerability that allows attackers to elevate privileges. This issue stems from insufficient validation or improper processing of parameters, enabling an attacker to craft specific packets that exploit this weakness. Successful exploitation can lead to unauthorized access and control over the affected product.

Affected Version(s)

UMA V200R001 and V300R001

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017