CVE-2013-4629 — HIGH (8.5) — White Hats Nepal

Q: How severe is CVE-2013-4629?

CVE-2013-4629 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4629?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vp 9610, Huawei Vp 9620.

Vulnerability Description

The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.

CVSS Score

8.5

HIGH

AV:N/AC:M/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Huawei	Vp 9610	<= v100r002c02b019sp05
Huawei	Vp 9620	<= v100r002c02b019sp05

Related Weaknesses (CWE)

CWE-255

References

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hVendor Advisory

FAQ

What is CVE-2013-4629?

CVE-2013-4629 is a vulnerability with a CVSS score of 8.5 (HIGH). The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated use...

How severe is CVE-2013-4629?

CVE-2013-4629 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4629?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vp 9610, Huawei Vp 9620.