CVE-2021-22299 (GCVE-0-2021-22299)
Vulnerability from cvelistv5 – Published: 2021-02-06 01:53 – Updated: 2024-08-03 18:37
VLAI?
Summary
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | ManageOne |
Affected:
6.5.0
Affected: 6.5.0.SPC100.B210 Affected: 6.5.1.1.B010 Affected: 6.5.1.1.B020 Affected: 6.5.1.1.B030 Affected: 6.5.1.1.B040 Affected: 6.5.1.SPC100.B050 Affected: 6.5.1.SPC101.B010 Affected: 6.5.1.SPC101.B040 Affected: 6.5.1.SPC200 Affected: 6.5.1.SPC200.B010 Affected: 6.5.1.SPC200.B030 Affected: 6.5.1.SPC200.B040 Affected: 6.5.1.SPC200.B050 Affected: 6.5.1.SPC200.B060 Affected: 6.5.1.SPC200.B070 Affected: 6.5.1RC1.B060 Affected: 6.5.1RC2.B020 Affected: 6.5.1RC2.B030 Affected: 6.5.1RC2.B040 Affected: 6.5.1RC2.B050 Affected: 6.5.1RC2.B060 Affected: 6.5.1RC2.B070 Affected: 6.5.1RC2.B080 Affected: 6.5.1RC2.B090 Affected: 6.5.RC2.B050 Affected: 8.0.0 Affected: 8.0.0-LCND81 Affected: 8.0.0.SPC100 Affected: 8.0.1 Affected: 8.0.RC2 Affected: 8.0.RC3 Affected: 8.0.RC3.B041 Affected: 8.0.RC3.SPC100 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageOne",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.0"
},
{
"status": "affected",
"version": "6.5.0.SPC100.B210"
},
{
"status": "affected",
"version": "6.5.1.1.B010"
},
{
"status": "affected",
"version": "6.5.1.1.B020"
},
{
"status": "affected",
"version": "6.5.1.1.B030"
},
{
"status": "affected",
"version": "6.5.1.1.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC100.B050"
},
{
"status": "affected",
"version": "6.5.1.SPC101.B010"
},
{
"status": "affected",
"version": "6.5.1.SPC101.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC200"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B010"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B030"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B040"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B050"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B060"
},
{
"status": "affected",
"version": "6.5.1.SPC200.B070"
},
{
"status": "affected",
"version": "6.5.1RC1.B060"
},
{
"status": "affected",
"version": "6.5.1RC2.B020"
},
{
"status": "affected",
"version": "6.5.1RC2.B030"
},
{
"status": "affected",
"version": "6.5.1RC2.B040"
},
{
"status": "affected",
"version": "6.5.1RC2.B050"
},
{
"status": "affected",
"version": "6.5.1RC2.B060"
},
{
"status": "affected",
"version": "6.5.1RC2.B070"
},
{
"status": "affected",
"version": "6.5.1RC2.B080"
},
{
"status": "affected",
"version": "6.5.1RC2.B090"
},
{
"status": "affected",
"version": "6.5.RC2.B050"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0-LCND81"
},
{
"status": "affected",
"version": "8.0.0.SPC100"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "8.0.RC2"
},
{
"status": "affected",
"version": "8.0.RC3"
},
{
"status": "affected",
"version": "8.0.RC3.B041"
},
{
"status": "affected",
"version": "8.0.RC3.SPC100"
}
]
},
{
"product": "NFV_FusionSphere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.5.1.SPC23"
},
{
"status": "affected",
"version": "8.0.0.SPC12"
}
]
},
{
"product": "SMC2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V600R019C00"
},
{
"status": "affected",
"version": "V600R019C10"
}
]
},
{
"product": "iMaster MAE-M",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-06T01:53:36",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-22299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageOne",
"version": {
"version_data": [
{
"version_value": "6.5.0"
},
{
"version_value": "6.5.0.SPC100.B210"
},
{
"version_value": "6.5.1.1.B010"
},
{
"version_value": "6.5.1.1.B020"
},
{
"version_value": "6.5.1.1.B030"
},
{
"version_value": "6.5.1.1.B040"
},
{
"version_value": "6.5.1.SPC100.B050"
},
{
"version_value": "6.5.1.SPC101.B010"
},
{
"version_value": "6.5.1.SPC101.B040"
},
{
"version_value": "6.5.1.SPC200"
},
{
"version_value": "6.5.1.SPC200.B010"
},
{
"version_value": "6.5.1.SPC200.B030"
},
{
"version_value": "6.5.1.SPC200.B040"
},
{
"version_value": "6.5.1.SPC200.B050"
},
{
"version_value": "6.5.1.SPC200.B060"
},
{
"version_value": "6.5.1.SPC200.B070"
},
{
"version_value": "6.5.1RC1.B060"
},
{
"version_value": "6.5.1RC2.B020"
},
{
"version_value": "6.5.1RC2.B030"
},
{
"version_value": "6.5.1RC2.B040"
},
{
"version_value": "6.5.1RC2.B050"
},
{
"version_value": "6.5.1RC2.B060"
},
{
"version_value": "6.5.1RC2.B070"
},
{
"version_value": "6.5.1RC2.B080"
},
{
"version_value": "6.5.1RC2.B090"
},
{
"version_value": "6.5.RC2.B050"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0-LCND81"
},
{
"version_value": "8.0.0.SPC100"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.RC2"
},
{
"version_value": "8.0.RC3"
},
{
"version_value": "8.0.RC3.B041"
},
{
"version_value": "8.0.RC3.SPC100"
}
]
}
},
{
"product_name": "NFV_FusionSphere",
"version": {
"version_data": [
{
"version_value": "6.5.1.SPC23"
},
{
"version_value": "8.0.0.SPC12"
}
]
}
},
{
"product_name": "SMC2.0",
"version": {
"version_data": [
{
"version_value": "V600R019C00"
},
{
"version_value": "V600R019C10"
}
]
}
},
{
"product_name": "iMaster MAE-M",
"version": {
"version_data": [
{
"version_value": "MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2021-22299",
"datePublished": "2021-02-06T01:53:36",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:37:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:imaster_mae-m:v100r020c10spc220:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F67A4BC-9424-458A-A24B-2AFF301329C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14B3716-7A94-42C5-AE2C-9F64C15A43EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.0:rc2.b050:*:*:*:*:*:*\", \"matchCriteriaId\": \"E514234B-1DB4-4170-BC73-510058ED5788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F587216-1355-4DD6-83E2-27CCE4ACC2E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAE8F0E3-8BCA-4059-9BE1-A7BDFD18531A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*\", \"matchCriteriaId\": \"24872541-A493-48BD-AA2C-7A976FF75F9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*\", \"matchCriteriaId\": \"61EC963F-1160-43D4-B4E4-2CC2B209B4DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD086E38-D1F5-4160-A7A2-12E681F686CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*\", \"matchCriteriaId\": \"035E4DF1-4B17-448B-8A78-CD81F68D38CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDDB5BDF-9760-4EE6-947D-A633B9CC0D36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*\", \"matchCriteriaId\": \"31787857-76F6-4E80-82B7-56B1C12B6628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*\", \"matchCriteriaId\": \"3495FF32-2906-4064-A636-64EB3A06421D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*\", \"matchCriteriaId\": \"73901E08-8C24-46FB-A42D-6457630AA6DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*\", \"matchCriteriaId\": \"A472E9AA-784F-4AE2-B1D8-6C77EA1664B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7CC07B4-FBF6-4AC9-8C54-B7845A068BBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*\", \"matchCriteriaId\": \"36904A81-9DCD-4E65-ADC1-A5A96FA0D939\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*\", \"matchCriteriaId\": \"481FA740-3E71-443D-99DF-89CA198951A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*\", \"matchCriteriaId\": \"37636652-DC9E-4310-AB33-1C67B85A7BF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*\", \"matchCriteriaId\": \"C462984C-407A-4D52-BEDD-7E300482E2AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*\", \"matchCriteriaId\": \"154A70F1-C15A-41B1-97B8-89550595BF44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*\", \"matchCriteriaId\": \"B58D9F18-F7B5-4514-978D-EC419614F521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD51B07E-213B-4D32-A121-E2FD124EA1A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*\", \"matchCriteriaId\": \"7926B343-242E-414B-B573-84DB16A2FCBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*\", \"matchCriteriaId\": \"463A4059-55EF-4862-B8AD-90DCAC0CC871\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*\", \"matchCriteriaId\": \"4042FC49-4FC7-46B4-8D14-ECACF22A9860\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*\", \"matchCriteriaId\": \"535597A4-29C8-44A8-9008-4F4E10030531\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9090F1E-EF60-4E54-9885-7F6B1681DE9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E51969-9D4D-4A58-BEBD-19F4BD64BC7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B552573-DB7A-4454-A832-AE1811A9577C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D17BA55-6032-4BC4-BEB3-4FB27BA81777\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EDE7C94-7E89-45E6-8A79-32E53D9139DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47A8E919-FAC0-4011-927F-599AA7688A32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc12:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD187FC7-B1BE-4BF1-BB6E-AA05CEFE4910\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc23:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FBB7636-4E6E-4621-9F42-9CDC8EB472F3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:smc2.0_firmware:v600r019c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2DC0656-EE97-43AF-9499-7ED8E31D6458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:smc2.0_firmware:v600r019c10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C32980F5-E091-4B2F-A8D3-F30367C8B9C9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDBEFFB4-9742-48CC-BBA6-E5DCA281B343\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de escalada de privilegios local en algunos productos Huawei. Un atacante autentificado local podr\\u00eda dise\\u00f1ar comandos espec\\u00edficos para explotar esta vulnerabilidad. Una explotaci\\u00f3n con \\u00e9xito puede hacer que un atacante obtenga un mayor privilegio. Las versiones de producto afectadas incluyen: ManageOne versiones 6.5.0, 6.5.0.SPC100.B210, 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1 .SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B060, 6.5.1RC2.B020, 6.5.1RC2.B030, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090, 6.5.RC2.B050, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.B041, 8.0.RC3.SPC100;\u0026#xa0;NFV_FusionSphere versiones 6.5.1.SPC23, 8.0.0.SPC12; SMC2.0 versiones V600R019C00,\u0026#xa0;V600R019C10;\u0026#xa0;iMaster MAE-M versiones MAE-TOOL (FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220\"}]",
"id": "CVE-2021-22299",
"lastModified": "2024-11-21T05:49:52.027",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-02-06T02:15:12.680",
"references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-22299\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2021-02-06T02:15:12.680\",\"lastModified\":\"2024-11-21T05:49:52.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de escalada de privilegios local en algunos productos Huawei. Un atacante autentificado local podr\u00eda dise\u00f1ar comandos espec\u00edficos para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito puede hacer que un atacante obtenga un mayor privilegio. Las versiones de producto afectadas incluyen: ManageOne versiones 6.5.0, 6.5.0.SPC100.B210, 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1 .SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B060, 6.5.1RC2.B020, 6.5.1RC2.B030, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090, 6.5.RC2.B050, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.B041, 8.0.RC3.SPC100;\u0026#xa0;NFV_FusionSphere versiones 6.5.1.SPC23, 8.0.0.SPC12; SMC2.0 versiones V600R019C00,\u0026#xa0;V600R019C10;\u0026#xa0;iMaster MAE-M versiones MAE-TOOL (FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:imaster_mae-m:v100r020c10spc220:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F67A4BC-9424-458A-A24B-2AFF301329C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14B3716-7A94-42C5-AE2C-9F64C15A43EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.0:rc2.b050:*:*:*:*:*:*\",\"matchCriteriaId\":\"E514234B-1DB4-4170-BC73-510058ED5788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.0:spc100.b210:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F587216-1355-4DD6-83E2-27CCE4ACC2E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAE8F0E3-8BCA-4059-9BE1-A7BDFD18531A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*\",\"matchCriteriaId\":\"24872541-A493-48BD-AA2C-7A976FF75F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*\",\"matchCriteriaId\":\"61EC963F-1160-43D4-B4E4-2CC2B209B4DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD086E38-D1F5-4160-A7A2-12E681F686CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*\",\"matchCriteriaId\":\"035E4DF1-4B17-448B-8A78-CD81F68D38CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDDB5BDF-9760-4EE6-947D-A633B9CC0D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*\",\"matchCriteriaId\":\"31787857-76F6-4E80-82B7-56B1C12B6628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b080:*:*:*:*:*:*\",\"matchCriteriaId\":\"3495FF32-2906-4064-A636-64EB3A06421D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*\",\"matchCriteriaId\":\"73901E08-8C24-46FB-A42D-6457630AA6DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc100.b050:*:*:*:*:*:*\",\"matchCriteriaId\":\"A472E9AA-784F-4AE2-B1D8-6C77EA1664B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc101.b010:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7CC07B4-FBF6-4AC9-8C54-B7845A068BBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc101.b040:*:*:*:*:*:*\",\"matchCriteriaId\":\"36904A81-9DCD-4E65-ADC1-A5A96FA0D939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200:*:*:*:*:*:*\",\"matchCriteriaId\":\"481FA740-3E71-443D-99DF-89CA198951A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b010:*:*:*:*:*:*\",\"matchCriteriaId\":\"37636652-DC9E-4310-AB33-1C67B85A7BF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b030:*:*:*:*:*:*\",\"matchCriteriaId\":\"C462984C-407A-4D52-BEDD-7E300482E2AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b040:*:*:*:*:*:*\",\"matchCriteriaId\":\"154A70F1-C15A-41B1-97B8-89550595BF44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b050:*:*:*:*:*:*\",\"matchCriteriaId\":\"B58D9F18-F7B5-4514-978D-EC419614F521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b060:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD51B07E-213B-4D32-A121-E2FD124EA1A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1:spc200.b070:*:*:*:*:*:*\",\"matchCriteriaId\":\"7926B343-242E-414B-B573-84DB16A2FCBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*\",\"matchCriteriaId\":\"463A4059-55EF-4862-B8AD-90DCAC0CC871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*\",\"matchCriteriaId\":\"4042FC49-4FC7-46B4-8D14-ECACF22A9860\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*\",\"matchCriteriaId\":\"535597A4-29C8-44A8-9008-4F4E10030531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9090F1E-EF60-4E54-9885-7F6B1681DE9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E51969-9D4D-4A58-BEBD-19F4BD64BC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:rc3.b041:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B552573-DB7A-4454-A832-AE1811A9577C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:rc3.spc100:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D17BA55-6032-4BC4-BEB3-4FB27BA81777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EDE7C94-7E89-45E6-8A79-32E53D9139DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A8E919-FAC0-4011-927F-599AA7688A32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc12:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD187FC7-B1BE-4BF1-BB6E-AA05CEFE4910\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:network_functions_virtualization_fusionsphere:6.5.1:spc23:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FBB7636-4E6E-4621-9F42-9CDC8EB472F3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smc2.0_firmware:v600r019c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2DC0656-EE97-43AF-9499-7ED8E31D6458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:smc2.0_firmware:v600r019c10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C32980F5-E091-4B2F-A8D3-F30367C8B9C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDBEFFB4-9742-48CC-BBA6-E5DCA281B343\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…