9.0.6.2(H100Sp15C00)

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

huawei

NVD

Published: 2021-09-09

Updated: 2022-05-03

Summary

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei AIS Bw50 00 Firmware 9.0.6.2\(H100Sp10C00\) Huawei AIS Bw50 00 Firmware 9.0.6.2\(H100Sp15C00\)	2
Hardware	Huawei Huawei AIS Bw50 00 -	1

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en