CVE-2016-2404

Published: Apr 2, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation.

Vendor	Product	Versions
n/a	S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,	affected `S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,`

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2404

Description

Affected Products

References