CVE-2021-37127

Published: Oct 27, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.

Affected (16)

Products: Huawei: Imanager Neteco 6000 Firmware, Imanager Neteco Firmware

Huawei

2 products

Imanager Neteco 6000 Firmware

Imanager Neteco Firmware

Configuration A

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00cp2001
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00cp2002
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc100
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc110
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc120
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc200
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc210
Huawei Imanager Neteco 6000 Firmware	Version v600r010c00spc300

Running on/with	Platform Versions
Huawei Imanager Neteco 6000	All versions

Configuration B

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Imanager Neteco Firmware	Version v600r009c00spc100
Huawei Imanager Neteco Firmware	Version v600r009c00spc110
Huawei Imanager Neteco Firmware	Version v600r009c00spc120
Huawei Imanager Neteco Firmware	Version v600r009c00spc190
Huawei Imanager Neteco Firmware	Version v600r009c00spc200
Huawei Imanager Neteco Firmware	Version v600r009c00spc201
Huawei Imanager Neteco Firmware	Version v600r009c00spc202
Huawei Imanager Neteco Firmware	Version v600r009c00spc210

Running on/with	Platform Versions
Huawei Imanager Neteco	All versions

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.