Lucene search

HuaweiCVE-2021-22377

HistoryJun 22, 2021 - 7:15 p.m.

CVE-2021-22377

2021-06-2219:15:07

CWE-20

huawei

web.nvd.nist.gov

cve-2021-22377

command injection

vulnerability

s12700

s2700

s5700

s6700

s7700

nvd

huawei

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.6%

JSON

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

Affected configurations

Nvd

Vulners

Node

huaweis12700_firmwareMatchv200r019c00spc500

AND

huaweis12700Match-

Node

huaweis2700_firmwareMatchv200r019c00spc500

AND

huaweis2700Match-

Node

huaweis5700_firmwareMatchv200r019c00spc500

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r019c00spc500

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r019c00spc500

AND

huaweis7700Match-

VendorProductVersionCPE
huaweis12700_firmwarev200r019c00spc500cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc500:*:*:*:*:*:*:*
huaweis12700-cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*
huaweis2700_firmwarev200r019c00spc500cpe:2.3:o:huawei:s2700_firmware:v200r019c00spc500:*:*:*:*:*:*:*
huaweis2700-cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*
huaweis5700_firmwarev200r019c00spc500cpe:2.3:o:huawei:s5700_firmware:v200r019c00spc500:*:*:*:*:*:*:*
huaweis5700-cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*
huaweis6700_firmwarev200r019c00spc500cpe:2.3:o:huawei:s6700_firmware:v200r019c00spc500:*:*:*:*:*:*:*
huaweis6700-cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*
huaweis7700_firmwarev200r019c00spc500cpe:2.3:o:huawei:s7700_firmware:v200r019c00spc500:*:*:*:*:*:*:*
huaweis7700-cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	s12700_firmware	v200r019c00spc500	cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc500:::::::*
huawei	s12700	-	cpe:2.3:h:huawei:s12700:-:::::::*
huawei	s2700_firmware	v200r019c00spc500	cpe:2.3:o:huawei:s2700_firmware:v200r019c00spc500:::::::*
huawei	s2700	-	cpe:2.3:h:huawei:s2700:-:::::::*
huawei	s5700_firmware	v200r019c00spc500	cpe:2.3:o:huawei:s5700_firmware:v200r019c00spc500:::::::*
huawei	s5700	-	cpe:2.3:h:huawei:s5700:-:::::::*
huawei	s6700_firmware	v200r019c00spc500	cpe:2.3:o:huawei:s6700_firmware:v200r019c00spc500:::::::*
huawei	s6700	-	cpe:2.3:h:huawei:s6700:-:::::::*
huawei	s7700_firmware	v200r019c00spc500	cpe:2.3:o:huawei:s7700_firmware:v200r019c00spc500:::::::*
huawei	s7700	-	cpe:2.3:h:huawei:s7700:-:::::::*

CNA Affected

[
  {
    "product": "S12700;S2700;S5700;S6700;S7700",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R019C00SPC500"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en

Social References

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.6%

JSON

Related for CVE-2021-22377