Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20181010-01-DEBUG
HistorySep 21, 2019 - 12:00 a.m.

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

2019-09-2100:00:00
Huawei Technologies
www.huawei.com
32

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.2%

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, some Xen configurations, or FreeBSD, or a Linux kernel. Some of Huawei products also be affected for this vulnerability. An attacker may exploit this vulnerability to escalate their privileges. (Vulnerability ID: HWPSIRT-2018-05100)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-8897.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181010-01-debug-en

Affected configurations

Vulners
Node
huaweihuawei_firmwareMatchV200R002C10
OR
huaweihuawei_firmwareMatchV200R002C20
OR
huaweihuawei_firmwareMatchV200R003C00
OR
huaweihuawei_firmwareMatchV200R005C00
OR
huaweifusioncubeMatch3.0.0
OR
huaweifusioncubeMatch3.0.1
OR
huaweifusioncubeMatch3.1.0
OR
huaweifusioncubeMatchV100R002C02
OR
huaweifusioncubeMatchV100R002C50SPC202
OR
huaweifusioncubeMatchV100R002C60RC1
OR
huaweifusioncubeMatchV100R002C60SPC100
OR
huaweifusioncubeMatchV100R002C70
OR
huaweifusioncubeMatchV100R002C70U1
OR
huaweihuawei_firmwareMatchV100R003C10
OR
huaweifusionsphere_openstackMatchV100R005C00
OR
huaweifusionsphere_openstackMatchV100R005C10
OR
huaweifusionsphere_openstackMatchV100R006C00
OR
huaweifusionsphere_openstackMatchV100R006C10
OR
huaweifusionsphere_openstackMatchV100R006C30
OR
huaweimanageoneMatchV100R003C00
OR
huaweimanageoneMatchV100R006C30
OR
huaweioceanstor_18500MatchV100R001C00
OR
huaweioceanstor_18500MatchV100R002C00
OR
huaweioceanstor_18500MatchV100R002C00SPC200
OR
huaweioceanstor_18500MatchV200R001C00
OR
huaweioceanstor_18500MatchV200R001C00SPC200
OR
huaweismc2.0MatchV100R003C10
OR
huaweismc2.0MatchV500R002C00
OR
huaweihuawei_firmwareMatchV200R003C10
OR
huaweihuawei_firmwareMatchV200R003C20
OR
huaweihuawei_firmwareMatchV200R005C00SPC200
OR
huaweihuawei_firmwareMatchV200R005C00SPC205
OR
huaweiespace_desktopMatchV100R002C00
OR
huaweiespace_desktopMatchV100R002C10
OR
huaweiespace_desktopMatchV100R002C20
OR
huaweiimanager_netecoMatchV600R007C00
OR
huaweiimanager_netecoMatchV600R007C10
OR
huaweiimanager_netecoMatchV600R007C11
OR
huaweiimanager_netecoMatchV600R007C12
OR
huaweiimanager_netecoMatchV600R007C20
OR
huaweiimanager_netecoMatchV600R007C40
OR
huaweiimanager_netecoMatchV600R008C00
OR
huaweiimanager_netecoMatchV600R008C10
OR
huaweiimanager_netecoMatchV600R008C20
OR
huaweiimanager_netecoMatchV600R008C30
OR
huaweiimanager_neteco_6000MatchV600R007C40
OR
huaweiimanager_neteco_6000MatchV600R007C60
OR
huaweiimanager_neteco_6000MatchV600R007C80
OR
huaweiimanager_neteco_6000MatchV600R007C90
OR
huaweiimanager_neteco_6000MatchV600R008C00
OR
huaweiimanager_neteco_6000MatchV600R008C10SPC100

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.2%