Huawei FusionAccess V100R005C10/V100R005C20 LDAP ldap injection
A vulnerability was found in Huawei FusionAccess V100R005C10/V100R005C20 and classified as problematic. Affected by this issue is some unknown functionality of the component LDAP Handler. The manipulation leads to ldap injection. Using CWE to declare the problem leads to CWE-90. The bug was discovered 11/30/2016. The weakness was disclosed 04/02/2017 as sa-20161130-01 (Website). The advisory is shared for download at huawei.com. This vulnerability is handled as CVE-2016-8779. The attack may be launched remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $5k-$25k at the moment. The MITRE ATT&CK project declares the attack technique as T1505. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 123 days. As 0-day the estimated underground price was around $5k-$25k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94620).
Do you need the next level of professionalism?
Upgrade your account now!