Lucene search

Huawei TechnologiesHUAWEI-SA-20220406-01-BDB62B17

HistoryApr 06, 2022 - 12:00 a.m.

Security Advisory - Improper Authentication Management Vulnerability in some Huawei Products

2022-04-0600:00:00

Huawei Technologies

www.huawei.com

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.4%

JSON

There is an improper authentication vulnerability in some huawei products.Successful exploitation of this vulnerability may lead to a control of the victim device. (Vulnerability ID: HWPSIRT-2021-30580)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-22259.

For products that have released software updates to fix this vulnerability, Huawei will release and update the Security Advisory at:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220406-01-bdb62b17-en>

Affected configurations

Vulners

Node

huaweiflmg-10Match10.0.1.0

CPENameOperatorVersion
flmg-10eq10.0.1.0

CPE	Name	Operator	Version
	flmg-10	eq	10.0.1.0

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for HUAWEI-SA-20220406-01-BDB62B17