Details of VAR-202105-0489

ID

VAR-202105-0489

CVE

CVE-2021-22358

TITLE

FusionCompute Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007381

DESCRIPTION

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. FusionCompute Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Huawei FusionCompute is a virtualization support software developed by Huawei in China. The software is a virtualization engine that provides virtualization support for cloud hosts. Huawei FusionCompute version 8.0.0 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2021-22358 // JVNDB: JVNDB-2021-007381 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380793

AFFECTED PRODUCTS

vendor:	huawei	model:	fusioncompute	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	fusioncompute firmware 8.0.0	Trust: 0.8
vendor:	huawei	model:	fusioncompute	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007381 // NVD: CVE-2021-22358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22358
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22358
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-300
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380793
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22358
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-380793
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22358
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22358
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380793 // JVNDB: JVNDB-2021-007381 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-300 // NVD: CVE-2021-22358

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380793 // JVNDB: JVNDB-2021-007381 // NVD: CVE-2021-22358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-300

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210506-01-inputvalidate	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-01-inputvalidate-en	Trust: 0.8
title:	Huawei FusionCompute Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149792	Trust: 0.6

sources: JVNDB: JVNDB-2021-007381 // CNNVD: CNNVD-202105-300

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22358	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-007381	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-300	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050701	Trust: 0.6
db:	CNVD	id:	CNVD-2022-04715	Trust: 0.1
db:	VULHUB	id:	VHN-380793	Trust: 0.1

sources: VULHUB: VHN-380793 // JVNDB: JVNDB-2021-007381 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-300 // NVD: CVE-2021-22358

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-01-inputvalidate-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22358	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050701	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210506-01-inputvalidate-cn	Trust: 0.6

sources: VULHUB: VHN-380793 // JVNDB: JVNDB-2021-007381 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-300 // NVD: CVE-2021-22358

SOURCES

db:	VULHUB	id:	VHN-380793
db:	JVNDB	id:	JVNDB-2021-007381
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-300
db:	NVD	id:	CVE-2021-22358

LAST UPDATE DATE

2024-08-14T13:12:38.765000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380793	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-007381	date:	2022-02-09T08:38:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-300	date:	2021-06-07T00:00:00
db:	NVD	id:	CVE-2021-22358	date:	2021-06-04T19:31:58.630

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380793	date:	2021-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-007381	date:	2022-02-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-300	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2021-22358	date:	2021-05-27T13:15:07.863