Описание
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.
EPSS
Процентиль: 0%
0.00006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
около 2 месяцев назад
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.
EPSS
Процентиль: 0%
0.00006
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269