CVE-2016-8779 — Huawei Fusionaccess vulnerability

5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Fusionaccess

Timeline

PublishedApr 2

Latest updateMay 17

Description

Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDhuawei/fusionaccessv100r005c10, v100r005c20+1

🔴Vulnerability Details

GHSA

GHSA-vq2h-w7g9-p547: Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory↗2022-05-17

▶

OSV

libtirpc vulnerabilities↗2018-09-05

▶

CVEList

CVE-2016-8779: Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory↗2017-04-02

▶

💬Community

Bugzilla

CVE-2015-8779 glibc: Unbounded stack allocation in catopen function↗2016-01-20

▶