Vulnerabilities > CVE-2016-8779 - Command Injection vulnerability in Huawei FusionAccess

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

huawei

NVD

Published: 2017-04-02

Updated: 2017-04-05

Summary

Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. <a href="http://cwe.mitre.org/data/definitions/90.html">CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')</a>

Vulnerable Configurations

Part	Description	Count
Application	Huawei Huawei Fusionaccess V100R005C10 Huawei Fusionaccess V100R005C20	2

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-ldap-en
http://www.securityfocus.com/bid/94620