CVE-2016-8801: Command Injection
First published: Sun Apr 02 2017(Updated: )
Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei OceanStor 5600 firmware | <=v300r003c00c10 | |
| Huawei OceanStor S5600T |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8801?
CVE-2016-8801 is rated as a high severity vulnerability due to the potential for command injection with root privileges.
How do I fix CVE-2016-8801?
To fix CVE-2016-8801, upgrade the Huawei OceanStor 5600 V3 firmware to a version later than V300R003C00C10.
Who is affected by CVE-2016-8801?
CVE-2016-8801 affects Huawei OceanStor 5600 V3 systems running firmware versions up to and including V300R003C00C10.
What kind of attack can exploit CVE-2016-8801?
CVE-2016-8801 can be exploited by an attacker with administrator privileges to inject malicious commands into the system.
What are the potential impacts of CVE-2016-8801?
The potential impacts of CVE-2016-8801 include unauthorized access and control over the system due to command execution with elevated privileges.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei oceanstor 5600 firmware
- version/huawei oceanstor 5600 firmware/v300r003c00c10
- canonical/huawei oceanstor s5600t