CVE-2021-22396

Published: Aug 2, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200.

Affected (4)

Products: Huawei: Ecns280 Td Firmware, Ese620x Vess Firmware

2 products

Ecns280 Td Firmware

Ese620x Vess Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ecns280 Td Firmware	Version v100r005c00
Huawei Ecns280 Td Firmware	Version v100r005c10

Running on/with	Platform Versions
Huawei Ecns280 Td	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ese620x Vess Firmware	Version v100r001c10spc200
Huawei Ese620x Vess Firmware	Version v100r001c20spc200

Running on/with	Platform Versions
Huawei Ese620x Vess	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.