Huawei Secospace VSM Default User Group Permissions Security

by Carol~ Moderator - 4/4/13 8:40 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Huawei Secospace VSM Default User Group Permissions Security Bypass Vulnerability

Release Date : 2013-04-04

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status: Vendor Patch

Software: Huawei Secospace VSM

Description:
A vulnerability has been reported in Huawei VSM, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to the application not properly validating authentication when handling modifications to the default user groups' permissions and can be exploited to change the permissions of the default user group.

The vulnerability is reported in versions prior to V200R002C00SPC300.

Solution:
Update to version V200R002C00SPC300.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Huawei-SA-20130403-01-VSM:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm

http://secunia.com/advisories/52891/