Security Advisory - SQL Injection Vulnerability in Policy Center Product

2016-03-25T00:00:00
ID HUAWEI-SA-20160325-01-POLICYCENTER
Type huawei
Reporter Huawei Technologies
Modified 2016-03-25T00:00:00

Description

Huawei Policy Center dynamically allocates network resources in a unified manner, enabling the network to provide services with more agility. The Policy Center has a SQL injection vulnerability. After logging in to the target device, a remote attacker could exploit this vulnerability by grafting malicious SQL statements to tamper with the system databases and gain administrative privileges. (Vulnerability ID: HWPSIRT-2015-12023) This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-3675. Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: 

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en