Release date:
Updated on:
Affected Systems:
Huawei eSight V200R003C01SPC200
Huawei eSight <= V200R003C00
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64633
Huawei eSight is a new-generation ICT O&M management solution developed by Huawei for enterprise basic networks, unified communications, telepresence conferences, video surveillance, and data centers.
Huawei eSight V200R003C00 does not correctly verify device images uploaded to the affected system, which allows attackers to upload arbitrary files. Attackers can exploit this to cause information leakage, service interruption, and suspension.
<* Source: vendor
Link: http://www.securelist.com/en/advisories/56194
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-323611.htm
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Huawei
------
Huawei has released a Security Bulletin (hw-323611) and patches for this:
hw-323611: Vulnerability in Image Upload of User-defined Devices to Huawei eSight System
Link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-323611.htm