Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61269
HistoryJan 03, 2014 - 12:00 a.m.

Huawei CloudEngine系列交换机安全绕过漏洞

2014-01-0300:00:00
Root
www.seebug.org
16
JSON

BUGTRAQ ID: 64634

CloudEngine系列是华为公司面向下一代数据中心和高端园区推出的“云”级高性能交换机。

Huawei CloudEngine系列交换机的HWTACACS模块在实现上存在多个安全限制绕过漏洞。若攻击者拥有低权限的用户名称和密码并能够登录受影响设备,则可以利用这些漏洞绕过服务器身份验证检查,提升用户权限并执行任意命令。
0
Huawei CloudEngine Series Switches CE6800
Huawei CloudEngine Series Switches CE5800
Huawei CloudEngine Series Switches CE12800
厂商补丁:

Huawei

Huawei已经为此发布了一个安全公告(hw-323610)以及相应补丁:
hw-323610:A Vulnerability on the HWTACACS Authorization Module of the CloudEngine
链接:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-323610.htm

JSON