Security vulnerabilities can affect any IT infrastructure at any time. What counts is how vigilant a firm remains in fixing the flaws before they are exploited. Recently, researchers have spotted multiple vulnerabilities in Huawei web applications and servers. Exploiting these vulnerabilities could have affected business continuity as well as information security.
Huawei Web Applications And Servers
Researchers from Swascan have discovered serious security flaws in Huawei’s IT infrastructure. These include critical vulnerabilities affecting Huawei web applications and servers. The researchers have detailed their findings in a blog post.
The researchers found numerous vulnerabilities that could have directly affected Huawei operations. As stated in their blog,
A few vulnerabilities ranked as critical that, if exploited by Malicious Attackers or Cybercriminals, could have impacted business continuity, user’s data, and information security and the regular operation of their services.
While they haven’t specifically stated the vulnerabilities, they have hinted at the kind of flaws they discovered via CWE categories. As reported, they found three main types of vulnerabilities affecting Huawei web apps and servers. These include OS command injection (CWE-78), out-of-bounds read (CWE-125), and improper restriction of operations within the bounds of a memory buffer (CWE-119). If exploited, these vulnerabilities could have resulted in information disclosure, system crash, unauthenticated command execution, and other risks.
Huawei Patched The Flaws
Upon finding the vulnerabilities, Team Swascan approached Huawei to report the matter. As in their previous experiences with Lenovo, Microsoft, and Adobe, the researchers faced no difficulty in resolving the issues. As commented by Pierguido Iezzi, co-founder of Swascan,
Our experience with Huawei shows that if these values are correctly understood they can be an additional backbone to create an effective and efficient Cyber Security Framework.
He also emphasized the importance of close collaboration with tech companies and cybersecurity experts.
In order to face the emerging threats of the Criminal hackers, a double action is necessary: on the company side, a secure IT infrastructure and a qualified staff is necessary, together with the skills and tools that only the experts of Cyber Security can give.