Vulnerabilities > CVE-2013-4629 - Credentials Management vulnerability in Huawei VP 9610 and VP 9620
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Huawei Local Security Checks |
| NASL id | HUAWEI-SA-20130513-01-VP.NASL |
| description | The remote host is a Huawei switch running a firmware version that is affected by a fixed session ID vulnerability. A remote, unauthenticated attacker can exploit this to spoof a legitimate user. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 77335 |
| published | 2014-08-22 |
| reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/77335 |
| title | Huawei VP9610 / 9620 Fixed Session ID (HWNSIRT-2013-0318) |