CVE-2015-8332

high

Published 2017-08-28 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462985.htm

References

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462985.htm
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462985.htm

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.