Lucene search

Huawei TechnologiesHUAWEI-SA-20210630-01-PATHTRAVERSAL

HistoryJun 30, 2021 - 12:00 a.m.

Security Advisory - Path Traversal Vulnerability in Some Huawei Products

2021-06-3000:00:00

Huawei Technologies

www.huawei.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.4%

JSON

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. (Vulnerability ID: HWPSIRT-2020-04159)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22440.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-pathtraversal-en>

Affected configurations

Vulners

Node

huaweihonor_20Match9.0.0.195

huaweihonor_20Match9.1.0.139

huaweimate_9_proMatch9.0.0.187

huaweimate_9_proMatch9.0.0.188

huaweimate_9_proMatch9.0.0.245

huaweimate_9_proMatch9.0.0.266

huaweimate_9_proMatch9.0.0.267

huaweimate_9_proMatch9.0.0.268

huaweimate_9_proMatch9.0.0.278

huaweihonor_20Match9.1.0.135

huaweihonor_20Match9.1.0.139

huaweihima-l29cMatch9.0.0.105

huaweilaya-al00epMatch9.1.0.139

huaweioxfordpl-an00bRange<10.1.0.128

huaweioxfords-an00aMatch10.1.0.223

huaweitony-al00bMatch9.1.0.257

huaweitony-tl00bMatch9.1.0.259

CPENameOperatorVersion
huawei mate 20eq9.0.0.195
huawei mate 20eq9.1.0.139
huawei mate 20 proeq9.0.0.187
huawei mate 20 proeq9.0.0.188
huawei mate 20 proeq9.0.0.245
huawei mate 20 proeq9.0.0.266
huawei mate 20 proeq9.0.0.267
huawei mate 20 proeq9.0.0.268
huawei mate 20 proeq9.0.0.278
huawei mate 20 xeq9.1.0.135

Name	Operator	Version
huawei mate 20	eq	9.0.0.195
huawei mate 20	eq	9.1.0.139
huawei mate 20 pro	eq	9.0.0.187
huawei mate 20 pro	eq	9.0.0.188
huawei mate 20 pro	eq	9.0.0.245
huawei mate 20 pro	eq	9.0.0.266
huawei mate 20 pro	eq	9.0.0.267
huawei mate 20 pro	eq	9.0.0.268
huawei mate 20 pro	eq	9.0.0.278
huawei mate 20 x	eq	9.1.0.135

Rows per page:

1-10 of 191

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for HUAWEI-SA-20210630-01-PATHTRAVERSAL