Published: 02/04/2017 Updated: 11/04/2017

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei s5700_firmware v200r001c00spc300
huawei s5700_firmware v200r002c00spc100
huawei s5700_firmware v200r003c00spc300
huawei s5700_firmware v200r005c00spc500
huawei s5700_firmware v200r006c00
huawei s6700_firmware v200r001c00spc300
huawei s6700_firmware v200r002c00spc100
huawei s6700_firmware v200r005c00spc500
huawei s6700_firmware v200r003c00spc300
huawei s6700_firmware v200r006c00
huawei s7700_firmware v200r001c00spc300
huawei s7700_firmware v200r002c00spc100
huawei s7700_firmware v200r005c00spc500
huawei s7700_firmware v200r003c00spc300
huawei s7700_firmware v200r006c00
huawei s9700_firmware v200r006c00
huawei s9700_firmware v200r002c00spc100
huawei s9700_firmware v200r005c00spc500
huawei s9700_firmware v200r001c00spc300
huawei s9700_firmware v200r003c00spc300
huawei s12700_firmware v200r006c00
huawei s12700_firmware v200r005c00spc500
huawei acu2_firmware v200r005c00spc500
huawei acu2_firmware v200r006c00

CWE-264 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en https://nvd.nist.gov

CVE-2016-2404

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect