Huawei CloudEngine系列交换机安全绕过漏洞

BUGTRAQ ID: 64634 CloudEngine系列是华为公司面向下一代数据中心和高端园区推出的“云”级高性能交换机。 Huawei CloudEngine系列交换机的HWTACACS模块在实现上存在多个安全限制绕过漏洞。若攻击者拥有低权限的用户名称和密码并能够登录受影响设备，则可以利用这些漏洞绕过服务器身份验证检查，提升用户权限并执行任意命令。 0 Huawei CloudEngine Series Switches CE6800 Huawei CloudEngine Series Switches CE5800 Huawei CloudEngine Series...

Security Advisory-A Vulnerability on the HWTACACS Authorization Module of the CloudEngine

The HWTACACS modules of some Huawei CloudEngine series switches have vulnerabilities. Attackers can execute the commands that can be used by users with higher-level permissions by bypass the right check of HWTACACS server. HWPSIRT-2013-1256. This Vulnerability has been assigned Common...