Lucene search

Huawei TechnologiesHUAWEI-SA-20210120-02-PRIVILEGE

HistoryJan 20, 2021 - 12:00 a.m.

Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products

2021-01-2000:00:00

Huawei Technologies

www.huawei.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. (Vulnerability ID: HWPSIRT-2020-60009)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22299.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en>

Affected configurations

Vulners

Node

huaweimanageoneMatch6.5.0

huaweimanageoneMatch6.5.0.spc100.b210

huaweimanageoneMatch6.5.1.1.b010

huaweimanageoneMatch6.5.1.1.b020

huaweimanageoneMatch6.5.1.1.b030

huaweimanageoneMatch6.5.1.1.b040

huaweimanageoneMatch6.5.1.spc100.b050

huaweimanageoneMatch6.5.1.spc101.b010

huaweimanageoneMatch6.5.1.spc101.b040

huaweimanageoneMatch6.5.1.spc200

huaweimanageoneMatch6.5.1.spc200.b010

huaweimanageoneMatch6.5.1.spc200.b030

huaweimanageoneMatch6.5.1.spc200.b040

huaweimanageoneMatch6.5.1.spc200.b050

huaweimanageoneMatch6.5.1.spc200.b060

huaweimanageoneMatch6.5.1.spc200.b070

huaweimanageoneMatch6.5.1rc1.b060

huaweimanageoneMatch6.5.1rc2.b020

huaweimanageoneMatch6.5.1rc2.b030

huaweimanageoneMatch6.5.1rc2.b040

huaweimanageoneMatch6.5.1rc2.b050

huaweimanageoneMatch6.5.1rc2.b060

huaweimanageoneMatch6.5.1rc2.b070

huaweimanageoneMatch6.5.1rc2.b080

huaweimanageoneMatch6.5.1rc2.b090

huaweimanageoneMatch6.5.rc2.b050

huaweimanageoneMatch8.0.0

huaweimanageoneMatch8.0.0-lcnd81

huaweimanageoneMatch8.0.0.spc100

huaweimanageoneMatch8.0.1

huaweimanageoneMatch8.0.rc2

huaweimanageoneMatch8.0.rc3

huaweimanageoneMatch8.0.rc3.b041

huaweimanageoneMatch8.0.rc3.spc100

huaweifusionsphereMatch6.5.1.spc23

huaweifusionsphereMatch8.0.0.spc12

huaweismc2.0Matchv600r019c00

huaweismc2.0Matchv600r019c10

huaweiimaster_mae-mMatchmae-toolv100r020c10spc220

CPENameOperatorVersion
manageoneeq6.5.0
manageoneeq6.5.0.SPC100.B210
manageoneeq6.5.1.1.B010
manageoneeq6.5.1.1.B020
manageoneeq6.5.1.1.B030
manageoneeq6.5.1.1.B040
manageoneeq6.5.1.SPC100.B050
manageoneeq6.5.1.SPC101.B010
manageoneeq6.5.1.SPC101.B040
manageoneeq6.5.1.SPC200

Name	Operator	Version
manageone	eq	6.5.0
manageone	eq	6.5.0.SPC100.B210
manageone	eq	6.5.1.1.B010
manageone	eq	6.5.1.1.B020
manageone	eq	6.5.1.1.B030
manageone	eq	6.5.1.1.B040
manageone	eq	6.5.1.SPC100.B050
manageone	eq	6.5.1.SPC101.B010
manageone	eq	6.5.1.SPC101.B040
manageone	eq	6.5.1.SPC200

Rows per page:

1-10 of 391

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for HUAWEI-SA-20210120-02-PRIVILEGE