Huawei FusionStorage V100R003C30U1 Maintenance Module access control

A vulnerability classified as critical has been found in Huawei FusionStorage V100R003C30U1. It affects unknown processing in the Maintenance Module component, and the manipulation leads to improper access controls. The CWE definition for the vulnerability is CWE-264. The bug was discovered on 11/23/2016, and the weakness was disclosed on 04/02/2017 as sa-20161123-01 (Website). The advisory can be read at huawei.com. The vulnerability is identified as CVE-2016-8803. The attack requires local access. No technical details are available, and no exploit is available. The price for an exploit might currently be around USD $0-$5k. According to MITRE ATT&CK, the attack technique used by this issue is T1068. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation was published before the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94507).

| Field | 04/03/2017 09:09 AM | 11/24/2022 03:58 PM |
|---|---|---|
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 130 | 130 |
| cvss3_nvd_basescore | 7.5 | 7.5 |
| vendor | Huawei | Huawei |
| name | FusionStorage | FusionStorage |
| version | V100R003C30U1 | V100R003C30U1 |
| component | Maintenance Module | Maintenance Module |
| discoverydate | 1479859200 | 1479859200 |
| cwe | 264 (access control) | 264 (access control) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 6.6 | 6.6 |
| cvss2_vuldb_tempscore | 6.6 | 6.6 |
| cvss2_vuldb_av | L | L |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_nvd_av | L | L |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | S | S |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 7.5 | 7.5 |
| cvss3_vuldb_tempscore | 7.5 | 7.5 |
| cvss3_vuldb_av | L | L |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | C | C |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_nvd_av | L | L |
| cvss3_nvd_ac | H | H |
| cvss3_nvd_pr | L | L |
| cvss3_nvd_ui | R | R |
| cvss3_nvd_s | C | C |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en |
| confirm_url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-fusionstorage-en |
| price_0day | $5k-$25k | $5k-$25k |
| cve | CVE-2016-8803 | CVE-2016-8803 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 |
| cve_nvd_summary | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. |
| osvdb_title | CVE-2016-8803 - Huawei - FusionStorage - Privilege Escalation Issue | CVE-2016-8803 - Huawei - FusionStorage - Privilege Escalation Issue |
| securityfocus | 94507 | 94507 |
| securityfocus_date | 1479859200 (11/23/2016) | 1479859200 (11/23/2016) |
| securityfocus_class | Design Error | Design Error |
| securityfocus_title | Huawei FusionStorage CVE-2016-8803 Local Privilege Escalation Vulnerability | Huawei FusionStorage CVE-2016-8803 Local Privilege Escalation Vulnerability |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| identifier | | sa-20161123-01 |
| cvss2_nvd_basescore | | 4.1 |
