Huawei FusionStorage V100R003C30U1 Maintenance Module access control
A vulnerability, which was classified as critical, has been found in Huawei FusionStorage V100R003C30U1. This issue affects some unknown processing of the component Maintenance Module. The manipulation leads to improper access controls. The CWE definition for the vulnerability is CWE-264. The bug was discovered 11/23/2016. The weakness was disclosed 04/02/2017 as sa-20161123-01 (Website). It is possible to read the advisory at huawei.com. The identification of this vulnerability is CVE-2016-8803. Local access is required to approach this attack. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $5k-$25k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94507).
Do you need the next level of professionalism?
Upgrade your account now!