CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.3%
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. (Vulnerability ID: HWPSIRT-2020-04159)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22440.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en>
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | mate_20_firmware | 9.0.0.195 | cpe:2.3:o:huawei:mate_20_firmware:9.0.0.195:*:*:*:*:*:*:* |
huawei | mate_20_firmware | 9.1.0.139 | cpe:2.3:o:huawei:mate_20_firmware:9.1.0.139:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.187 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.187:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.188 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.188:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.245 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.245:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.266 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.266:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.267 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.267:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.268 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.268:*:*:*:*:*:*:* |
huawei | mate_20_pro_firmware | 9.0.0.278 | cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.278:*:*:*:*:*:*:* |
huawei | mate_20_x_firmware | 9.1.0.135 | cpe:2.3:o:huawei:mate_20_x_firmware:9.1.0.135:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
30.3%