Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22299

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

Published

2021-02-06T02:15:12.680

Last Modified

2024-11-21T05:49:52.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	huawei	imaster_mae-m	v100r020c10spc220	Yes
Application	huawei	manageone	6.5.0	Yes
Application	huawei	manageone	6.5.0	Yes
Application	huawei	manageone	6.5.0	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1	Yes
Application	huawei	manageone	6.5.1.1	Yes
Application	huawei	manageone	6.5.1.1	Yes
Application	huawei	manageone	6.5.1.1	Yes
Application	huawei	manageone	6.5.1.1	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.0	Yes
Application	huawei	manageone	8.0.1	Yes
Application	huawei	network_functions_virtualization_fusionsphere	6.5.1	Yes
Application	huawei	network_functions_virtualization_fusionsphere	6.5.1	Yes
Operating System	huawei	smc2.0_firmware	v600r019c00	Yes
Operating System	huawei	smc2.0_firmware	v600r019c10	Yes
Hardware	huawei	smc2.0	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)