CVE-2015-8332

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 52.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Vcm5010 Firmware Huawei Vcm5020 Firmware

Timeline

PublishedAug 28

Latest updateMay 17

Description

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/vcm5010_firmwarev100r001c10b010

▶NVDhuawei/vcm5020_firmwarev100r001c10b010

🔴Vulnerability Details

GHSA

GHSA-797j-6cf4-3f6f: Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows re↗2022-05-17

▶

CVEList

CVE-2015-8332: Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows re↗2017-08-28

▶