Huawei TechnologiesHUAWEI-SA-20210602-01-PERMISSIONSecurity Advisory - Improper Permission Assignment Vulnerability in Some USB Dongle Products
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.6%
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a MAC OS to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. (Vulnerability ID: HWPSIRT-2021-60283)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22382.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| e3372 | lt | 22.333.03.00.00 | |
| e8372 | lt | 21.333.03.00.00 |
Related
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
12.6%