Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N
Vendors Products
Huawei
  • Fusionaccess

Configuration 1 [-]

OR cpe:2.3:a:huawei:fusionaccess:v100r005c10:*:*:*:*:*:*:*
cpe:2.3:a:huawei:fusionaccess:v100r005c20:*:*:*:*:*:*:*
References
Link Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en Vendor Advisory
http://www.securityfocus.com/bid/94620 Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2017-04-03T09:57:01

Reserved: 2016-10-18T00:00:00

Link: CVE-2016-8779

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-04-02T20:59:01.530

Modified: 2017-04-05T23:56:44.387

Link: CVE-2016-8779

JSON object: View

cve-icon Redhat Information

No data.

CWE