CVE-2015-8332

EPSS 0.25%
Published 28.08.2017 21:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Vcm5010 Firmware Version <= v100r001c10b010

Huawei ≫ Vcm5010 Version-

Huawei ≫ Vcm5020 Firmware Version <= v100r001c10b010

Huawei ≫ Vcm5020 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.448

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462985.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-8332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8332

EUVD