Description
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1541
Scores
CVSS v3
7.8
EPSS
0.0002
EPSS Percentile
6.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
huawei/atune
0.3 - 0.8
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026