CVE-2021-22299

Published: Feb 6, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

Affected (40)

Products: Huawei: Imaster Mae M, Manageone, Network Functions Virtualization Fusionsphere, Smc2.0 Firmware

Huawei

4 products

Imaster Mae M

Manageone

Network Functions Virtualization Fusionsphere

Smc2.0 Firmware

Configuration A

38 vulnerable

Vulnerable Software	Affected Versions
Huawei Imaster Mae M	Version v100r020c10spc220
Huawei Manageone	Version 6.5.0
Huawei Manageone	Version 6.5.0 rc2.b050
Huawei Manageone	Version 6.5.0 spc100.b210
Huawei Manageone	Version 6.5.1.1 b010
Huawei Manageone	Version 6.5.1.1 b020
Huawei Manageone	Version 6.5.1.1 b030
Huawei Manageone	Version 6.5.1.1 b040
Huawei Manageone	Version 6.5.1
Huawei Manageone	Version 6.5.1 rc1.b060
Huawei Manageone	Version 6.5.1 rc2.b020
Huawei Manageone	Version 6.5.1 rc2.b030
Huawei Manageone	Version 6.5.1 rc2.b040
Huawei Manageone	Version 6.5.1 rc2.b050
Huawei Manageone	Version 6.5.1 rc2.b060
Huawei Manageone	Version 6.5.1 rc2.b070
Huawei Manageone	Version 6.5.1 rc2.b080
Huawei Manageone	Version 6.5.1 rc2.b090
Huawei Manageone	Version 6.5.1 spc100.b050
Huawei Manageone	Version 6.5.1 spc101.b010
Huawei Manageone	Version 6.5.1 spc101.b040
Huawei Manageone	Version 6.5.1 spc200.b010
Huawei Manageone	Version 6.5.1 spc200.b030
Huawei Manageone	Version 6.5.1 spc200.b040
Huawei Manageone	Version 6.5.1 spc200.b050
Huawei Manageone	Version 6.5.1 spc200.b060
Huawei Manageone	Version 6.5.1 spc200.b070
Huawei Manageone	Version 6.5.1 spc200
Huawei Manageone	Version 8.0.0
Huawei Manageone	Version 8.0.0 lcnd81
Huawei Manageone	Version 8.0.0 rc2
Huawei Manageone	Version 8.0.0 rc3.b041
Huawei Manageone	Version 8.0.0 rc3.spc100
Huawei Manageone	Version 8.0.0 rc3
Huawei Manageone	Version 8.0.0 spc100
Huawei Manageone	Version 8.0.1
Huawei Network Functions Virtualization Fusionsphere	Version 6.5.1 spc12
Huawei Network Functions Virtualization Fusionsphere	Version 6.5.1 spc23

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Smc2.0 Firmware	Version v600r019c00
Huawei Smc2.0 Firmware	Version v600r019c10

Running on/with	Platform Versions
Huawei Smc2.0	All versions

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.