CVE-2021-22299 Information

Description

There is a local privilege escalation vulnerability in some Huawei products. A local authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.06.5.0.SPC100.B2106.5.1.1.B0106.5.1.1.B0206.5.1.1.B0306.5.1.1.B0406.5.1.SPC100.B0506.5.1.SPC101.B0106.5.1.SPC101.B0406.5.1.SPC2006.5.1.SPC200.B0106.5.1.SPC200.B0306.5.1.SPC200.B0406.5.1.SPC200.B0506.5.1.SPC200.B0606.5.1.SPC200.B0706.5.1RC1.B0606.5.1RC2.B0206.5.1RC2.B0306.5.1RC2.B0406.5.1RC2.B0506.5.1RC2.B0606.5.1RC2.B0706.5.1RC2.B0806.5.1RC2.B0906.5.RC2.B0508.0.08.0.0-LCND818.0.0.SPC1008.0.18.0.RC28.0.RC38.0.RC3.B0418.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC238.0.0.SPC12; SMC2.0 versions V600R019C00V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8