Huawei Secospace VSM Default User Group Permissions Security
Huawei Secospace VSM Default User Group Permissions Security Bypass Vulnerability
Release Date : 2013-04-04
Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status: Vendor Patch
Software: Huawei Secospace VSM
A vulnerability has been reported in Huawei VSM, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to the application not properly validating authentication when handling modifications to the default user groups' permissions and can be exploited to change the permissions of the default user group.
The vulnerability is reported in versions prior to V200R002C00SPC300.
Update to version V200R002C00SPC300.
Provided and/or discovered by:
Reported by the vendor.