Huawei Video Conference System vor V100R002C02B020SP01 Session erweiterte Rechte

EintraganpassenHistoryDiffjsonxmlCTI

Es wurde eine kritische Schwachstelle in Huawei Video Conference System gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Session Handler. Ein Aktualisieren auf die Version V100R002C02B020SP01 vermag dieses Problem zu lösen. Das Erscheinen einer Gegenmassnahme geschah 1 Tage nach der Veröffentlichung der Schwachstelle. Huawei hat daher unmittelbar gehandelt.

Feld21.05.2013 12:0505.06.2017 10:5511.05.2021 16:08
vendorHuaweiHuaweiHuawei
nameVideo Conference SystemVideo Conference SystemVideo Conference System
componentSession HandlerSession HandlerSession Handler
affectedlistVP9610 - V100R002C02B019SP05 VP9620 - n/aVP9610 - V100R002C02B019SP05 VP9620 - n/aVP9610 - V100R002C02B019SP05 VP9620 - n/a
cwe255 (erweiterte Rechte)255 (erweiterte Rechte)255 (erweiterte Rechte)
risk222
historic000
cvss2_vuldb_basescore8.58.58.5
cvss2_vuldb_tempscore6.76.76.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auSSS
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore8.88.88.8
cvss3_meta_tempscore7.97.97.9
cvss3_vuldb_basescore8.88.88.8
cvss3_vuldb_tempscore7.97.97.9
date1368316800 (12.05.2013)1368316800 (12.05.2013)1368316800 (12.05.2013)
locationWebsiteWebsiteWebsite
typeAdvisoryAdvisoryAdvisory
urlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm
identifierHuawei-SA-20130513-01-VPHuawei-SA-20130513-01-VPHuawei-SA-20130513-01-VP
coordination111
confirm_urlhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htmhttp://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm
disputed000
availability111
date1368316800 (12.05.2013)1368316800 (12.05.2013)1368316800 (12.05.2013)
publicity111
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
date1368403200 (13.05.2013)1368403200 (13.05.2013)1368403200 (13.05.2013)
upgrade_versionV100R002C02B020SP01V100R002C02B020SP01V100R002C02B020SP01
cveCVE-2013-4629CVE-2013-4629CVE-2013-4629
cve_assigned137168640013716864001371686400
cve_nvd_published137168640013716864001371686400
cve_nvd_summaryThe Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
osvdb934669346693466
securityfocus607096070960709
vulnerabilitycenter460104601046010
vulnerabilitycenter_titleHuawei Viewpoint (VP) for Video Conference system Remote Security Bypass via Unspecified Interception MethodHuawei Viewpoint (VP) for Video Conference system Remote Security Bypass via Unspecified Interception MethodHuawei Viewpoint (VP) for Video Conference system Remote Security Bypass via Unspecified Interception Method
vulnerabilitycenter_severityHighHighHigh
vulnerabilitycenter_creationdate141013440014101344001410134400
vulnerabilitycenter_reportingdate136840320013684032001368403200
xforce851648516485164
nessus_id773357733577335
nessus_nameHuawei VP9610 / 9620 Fixed Session ID (HWNSIRT-2013-0318)Huawei VP9610 / 9620 Fixed Session ID (HWNSIRT-2013-0318)Huawei VP9610 / 9620 Fixed Session ID (HWNSIRT-2013-0318)
nessus_familyHuawei Local Security ChecksHuawei Local Security ChecksHuawei Local Security Checks
nessus_date1408665600 (22.08.2014)1408665600 (22.08.2014)1408665600 (22.08.2014)
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_ePPP
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
reaction_days111
exposure_days111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
nessus_filenamehuawei-SA-20130513-01-VP.naslhuawei-SA-20130513-01-VP.nasl
nessus_riskHigh
exploitdb25295
cvss2_nvd_basescore8.5

Do you need the next level of professionalism?

Upgrade your account now!