vendor:
HiSecOS
by:
dreizehnutters
N/A
CVSS
HIGH
Privilege Escalation
269
CWE
Product Name: HiSecOS
Affected Version From: HiSecOS-04.0.01
Affected Version To: HiSecOS-04.0.01
Patch Exists: NO
Related CWE: BSECV-2021-07
CPE: o:hisecos:hisecos:04.0.01
Platforms Tested: HiSecOS-04.0.01
2023
HiSecOS 04.0.01 – Privilege Escalation
This exploit allows an attacker to escalate privileges on HiSecOS-04.0.01 or lower versions. By crafting a specific XML payload, the attacker can modify the access role of a user to admin, granting them elevated privileges.
Mitigation:
Upgrade to a patched version of HiSecOS that fixes the privilege escalation vulnerability.