Lucene search

Huawei TechnologiesHUAWEI-SA-20210630-01-PATHTRAVERSAL

HistoryJun 30, 2021 - 12:00 a.m.

Security Advisory - Path Traversal Vulnerability in Some Huawei Products

2021-06-3000:00:00

Huawei Technologies

www.huawei.com

huawei

path traversal

vulnerability

software

external input

file directory

exploit

security advisory

cve-2021-22440

software update

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.3%

JSON

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. (Vulnerability ID: HWPSIRT-2020-04159)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22440.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en>

Affected configurations

Vulners

Node

huaweimate_20_firmwareMatch9.0.0.195

huaweimate_20_firmwareMatch9.1.0.139

huaweimate_20_pro_firmwareMatch9.0.0.187

huaweimate_20_pro_firmwareMatch9.0.0.188

huaweimate_20_pro_firmwareMatch9.0.0.245

huaweimate_20_pro_firmwareMatch9.0.0.266

huaweimate_20_pro_firmwareMatch9.0.0.267

huaweimate_20_pro_firmwareMatch9.0.0.268

huaweimate_20_pro_firmwareMatch9.0.0.278

huaweimate_20_x_firmwareMatch9.1.0.135

huaweimate_20_x_firmwareMatch9.1.0.139

huaweihima-l29c_firmwareMatch9.0.0.105

huaweilaya-al00ep_firmwareMatch9.1.0.139

huaweitaurus-an00b_firmwareRange<10.1.0.128

huaweioxfords-an00a_firmwareMatch10.1.0.223

huaweitony-al00b_firmwareMatch9.1.0.257

huaweitony-tl00b_firmwareMatch9.1.0.259

VendorProductVersionCPE
huaweimate_20_firmware9.0.0.195cpe:2.3:o:huawei:mate_20_firmware:9.0.0.195:*:*:*:*:*:*:*
huaweimate_20_firmware9.1.0.139cpe:2.3:o:huawei:mate_20_firmware:9.1.0.139:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.187cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.187:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.188cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.188:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.245cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.245:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.266cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.266:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.267cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.267:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.268cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.268:*:*:*:*:*:*:*
huaweimate_20_pro_firmware9.0.0.278cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.278:*:*:*:*:*:*:*
huaweimate_20_x_firmware9.1.0.135cpe:2.3:o:huawei:mate_20_x_firmware:9.1.0.135:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	mate_20_firmware	9.0.0.195	cpe:2.3:o:huawei:mate_20_firmware:9.0.0.195:::::::*
huawei	mate_20_firmware	9.1.0.139	cpe:2.3:o:huawei:mate_20_firmware:9.1.0.139:::::::*
huawei	mate_20_pro_firmware	9.0.0.187	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.187:::::::*
huawei	mate_20_pro_firmware	9.0.0.188	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.188:::::::*
huawei	mate_20_pro_firmware	9.0.0.245	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.245:::::::*
huawei	mate_20_pro_firmware	9.0.0.266	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.266:::::::*
huawei	mate_20_pro_firmware	9.0.0.267	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.267:::::::*
huawei	mate_20_pro_firmware	9.0.0.268	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.268:::::::*
huawei	mate_20_pro_firmware	9.0.0.278	cpe:2.3:o:huawei:mate_20_pro_firmware:9.0.0.278:::::::*
huawei	mate_20_x_firmware	9.1.0.135	cpe:2.3:o:huawei:mate_20_x_firmware:9.1.0.135:::::::*

Rows per page:

1-10 of 171

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

30.3%

JSON

Related for HUAWEI-SA-20210630-01-PATHTRAVERSAL