Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20210407-01-RESOURCEMANAGEMENT
HistoryApr 07, 2021 - 12:00 a.m.

Security Advisory - Improper Licenses Management Vulnerability in Some Products

2021-04-0700:00:00
Huawei Technologies
www.huawei.com
20

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.7%

There has a license management vulnerability in some huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. (Vulnerability ID: HWPSIRT-2020-15477)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22329.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-resourcemanagement-en

Affected configurations

Vulners
Node
huaweis12700MatchV200R007C01
OR
huaweis12700MatchV200R007C01B102
OR
huaweis12700MatchV200R008C00
OR
huaweis12700MatchV200R010C00SPC300
OR
huaweis12700MatchV200R011C00
OR
huaweis12700MatchV200R011C00SPC100
OR
huaweis12700MatchV200R011C10
OR
huaweis1700MatchV200R010C00SPC300
OR
huaweis1700MatchV200R011C00
OR
huaweis1700MatchV200R011C00SPC100
OR
huaweis1700MatchV200R011C10
OR
huaweis2700MatchV200R008C00
OR
huaweis2700MatchV200R010C00SPC300
OR
huaweis2700MatchV200R011C00
OR
huaweis2700MatchV200R011C00SPC100
OR
huaweis2700MatchV200R011C10
OR
huaweis5700MatchV200R008C00
OR
huaweis5700MatchV200R010C00SPC300
OR
huaweis5700MatchV200R011C00
OR
huaweis5700MatchV200R011C00SPC100
OR
huaweis5700MatchV200R011C10
OR
huaweis5700MatchV200R011C10SPC100
OR
huaweis6700MatchV200R008C00
OR
huaweis6700MatchV200R010C00SPC300
OR
huaweis6700MatchV200R011C00
OR
huaweis6700MatchV200R011C00SPC100
OR
huaweis6700MatchV200R011C10
OR
huaweis6700MatchV200R011C10SPC100
OR
huaweis7700MatchV200R008C00
OR
huaweis7700MatchV200R010C00SPC300
OR
huaweis7700MatchV200R011C00
OR
huaweis7700MatchV200R011C00SPC100
OR
huaweis7700MatchV200R011C10
OR
huaweis9700MatchV200R007C01
OR
huaweis9700MatchV200R007C01B102
OR
huaweis9700MatchV200R008C00
OR
huaweis9700MatchV200R010C00SPC300
OR
huaweis9700MatchV200R011C00
OR
huaweis9700MatchV200R011C00SPC100
OR
huaweis9700MatchV200R011C10

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.7%

Related for HUAWEI-SA-20210407-01-RESOURCEMANAGEMENT