Vulnerability Description
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Vcm5010 Firmware | <= v100r001c10b010 |
| Huawei | Vcm5010 | - |
| Huawei | Vcm5020 Firmware | <= v100r001c10b010 |
| Huawei | Vcm5020 | - |
Related Weaknesses (CWE)
References
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/Vendor Advisory
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/Vendor Advisory
FAQ
What is CVE-2015-8332?
CVE-2015-8332 is a vulnerability with a CVSS score of 8.8 (HIGH). Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...
How severe is CVE-2015-8332?
CVE-2015-8332 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8332?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Vcm5010 Firmware, Huawei Vcm5010, Huawei Vcm5020 Firmware, Huawei Vcm5020.