CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8129
https://notcve.org/view.php?id=CVE-2017-8129
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. El producto UMA con software V200R001 y V300R001 tiene una vulnerabilidad de elevación de privilegios debido a una validación insuficiente o al procesamiento incorrecto de parámetros. Un atacante podría manipular paquetes específicos para explotar estas vulnerabilidades y obtener privilegios elevados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7107
https://notcve.org/view.php?id=CVE-2016-7107
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 SPH206 permite a atacantes remotos restablecer contraseñas de usuario arbitrarias y consecuentemente afectar al sistema íntegro de datos a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en http://www.securityfocus.com/bid/92619 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7109
https://notcve.org/view.php?id=CVE-2016-7109
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 permite a atacantes remotos ejecutar comandos arbitrarios a través de "caracteres especiales", una vulnerabilidad diferente a CVE-2016-7110. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en http://www.securityfocus.com/bid/92617 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7110
https://notcve.org/view.php?id=CVE-2016-7110
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 permite a atacantes remotos ejecutar comandos arbitrarios a través de "caracteres especiales", una vulnerabilidad diferente a CVE-2016-7109. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-uma-en http://www.securityfocus.com/bid/92617 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7108
https://notcve.org/view.php?id=CVE-2016-7108
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. Huawei Unified Maintenance Audit (UMA) en versiones anteriores a V200R001C00SPC200 SPH206 permite a usuarios remotos autenticados obtener los hashes MD5 de contraseñas de usuarios arbitrarias a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-uma-en http://www.securityfocus.com/bid/92619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •