Lucene search

HuaweiCVE-2021-22340

HistoryJun 29, 2021 - 7:15 p.m.

CVE-2021-22340

2021-06-2919:15:09

CWE-362

huawei

web.nvd.nist.gov

huawei

vulnerability

cve-2021-22340

security

system crash

manageone

smc2.0

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.3

Confidence

High

EPSS

Percentile

12.6%

JSON

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931

Affected configurations

Nvd

Vulners

Node

huaweimanageoneMatch6.5.1spc200

huaweimanageoneMatch8.0.0-

huaweimanageoneMatch8.0.0lcnd81

huaweimanageoneMatch8.0.0rc2

huaweimanageoneMatch8.0.0rc3

huaweimanageoneMatch8.0.0rc3.spc100

huaweimanageoneMatch8.0.0spc100

huaweimanageoneMatch8.0.1

huaweismc2.0Matchv600r019c10spc700

huaweismc2.0Matchv600r019c10spc702

huaweismc2.0Matchv600r019c10spc703

huaweismc2.0Matchv600r019c10spc800

huaweismc2.0Matchv600r019c10spc900

huaweismc2.0Matchv600r019c10spc910

huaweismc2.0Matchv600r019c10spc920

huaweismc2.0Matchv600r019c10spc921

huaweismc2.0Matchv600r019c10spc922

huaweismc2.0Matchv600r019c10spc930

huaweismc2.0Matchv600r019c10spc931

VendorProductVersionCPE
huaweimanageone6.5.1cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*
huaweimanageone8.0.0cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*
huaweimanageone8.0.1cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*
huaweismc2.0v600r019c10spc700cpe:2.3:a:huawei:smc2.0:v600r019c10spc700:*:*:*:*:*:*:*
huaweismc2.0v600r019c10spc702cpe:2.3:a:huawei:smc2.0:v600r019c10spc702:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	manageone	6.5.1	cpe:2.3:a:huawei:manageone:6.5.1:spc200::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:-::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:lcnd81::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:rc2::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:rc3::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100::::::
huawei	manageone	8.0.0	cpe:2.3:a:huawei:manageone:8.0.0:spc100::::::
huawei	manageone	8.0.1	cpe:2.3:a:huawei:manageone:8.0.1:::::::*
huawei	smc2.0	v600r019c10spc700	cpe:2.3:a:huawei:smc2.0:v600r019c10spc700:::::::*
huawei	smc2.0	v600r019c10spc702	cpe:2.3:a:huawei:smc2.0:v600r019c10spc702:::::::*

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "ManageOne;SMC2.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.1.SPC200,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.SPC100"
      },
      {
        "status": "affected",
        "version": "V600R019C10SPC700,V600R019C10SPC702,V600R019C10SPC703,V600R019C10SPC800,V600R019C10SPC900,V600R019C10SPC910,V600R019C10SPC920,V600R019C10SPC921,V600R019C10SPC922,V600R019C10SPC930,V600R019C10SPC931"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en

Social References

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.3

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-22340