Description
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-463067.htm
Scores
CVSS v3
7.4
EPSS
0.0013
EPSS Percentile
32.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
huawei/vcn500
v100r002c00spc200b010
Published
Jan 11, 2016
Tracked Since
Feb 18, 2026