Lucene search

Huawei TechnologiesHUAWEI-SA-20211103-01-PRIVILEGE

HistoryNov 03, 2021 - 12:00 a.m.

Security Advisory - Privilege Escalation Vulnerability in Huawei Product

2021-11-0300:00:00

Huawei Technologies

www.huawei.com

privilege escalation

huawei

vulnerability

restrictions

local attacker

cve-2021-39976

software updates

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

There is a privilege escalation vulnerability in some Huawei products. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. (Vulnerability ID: HWPSIRT-2021-78991)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-39976.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en>

Affected configurations

Vulners

Node

huaweicloudengine_12800_firmwareMatchv200r005c10spc800

huaweicloudengine_12800_firmwareMatchv200r019c00spc800

huaweicloudengine_12800_firmwareMatchv200r019c10spc800

huaweicloudengine_12800_firmwareMatchv200r019c10spc900

huaweicloudengine_5800_firmwareMatchv200r005c10spc800

huaweicloudengine_5800_firmwareMatchv200r019c00spc800

huaweicloudengine_5800_firmwareMatchv200r019c10spc800

huaweicloudengine_5800_firmwareMatchv200r020c00spc600

huaweicloudengine_6800_firmwareMatchv200r005c10spc800

huaweicloudengine_6800_firmwareMatchv200r005c20spc800

huaweicloudengine_6800_firmwareMatchv200r019c00spc800

huaweicloudengine_6800_firmwareMatchv200r019c10spc800

huaweicloudengine_6800_firmwareMatchv200r019c10spc900

huaweicloudengine_6800_firmwareMatchv200r020c00spc600

huaweicloudengine_6800_firmwareMatchv300r020c00spc200

huaweicloudengine_7800_firmwareMatchv200r005c10spc800

huaweicloudengine_7800_firmwareMatchv200r019c00spc800

huaweicloudengine_7800_firmwareMatchv200r019c10spc800

VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c10spc900cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc900:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r019c10spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r020c00spc600cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r020c00spc600:*:*:*:*:*:*:*
huaweicloudengine_6800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_6800_firmwarev200r005c20spc800cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	cloudengine_12800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c10spc900	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc900:::::::*
huawei	cloudengine_5800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_5800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_5800_firmware	v200r019c10spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:::::::*
huawei	cloudengine_5800_firmware	v200r020c00spc600	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r020c00spc600:::::::*
huawei	cloudengine_6800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_6800_firmware	v200r005c20spc800	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:::::::*

Rows per page:

1-10 of 181

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for HUAWEI-SA-20211103-01-PRIVILEGE