ID

VAR-202106-0618


CVE

CVE-2021-22439


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. By successfully exploiting it, the attacker can perform remote malicious code injection and take control of the device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates. Huawei AnyOffice is an application software product of Huawei (China). A mobile office solution

Trust: 1.62

sources: NVD: CVE-2021-22439 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380874 // VULMON: CVE-2021-22439

AFFECTED PRODUCTS

vendor: huawei, model: anyoffice, scope: eq, version: v200r006c10

Trust: 1.0

sources: NVD: CVE-2021-22439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22439
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1441
value: HIGH

Trust: 0.6

VULHUB: VHN-380874
value: HIGH

Trust: 0.1

VULMON: CVE-2021-22439
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22439
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-380874
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22439
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-380874 // VULMON: CVE-2021-22439 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1441 // NVD: CVE-2021-22439

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

sources: VULHUB: VHN-380874 // NVD: CVE-2021-22439

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1441

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Huawei AnyOffice Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154509

Trust: 0.6

sources: CNNVD: CNNVD-202106-1441

EXTERNAL IDS

db: NVD, id: CVE-2021-22439

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.3306

Trust: 0.6

db: CS-HELP, id: SB2021100609

Trust: 0.6

db: CS-HELP, id: SB2021062101

Trust: 0.6

db: ICS CERT, id: ICSA-21-278-02

Trust: 0.6

db: CNNVD, id: CNNVD-202106-1441

Trust: 0.6

db: VULHUB, id: VHN-380874

Trust: 0.1

db: VULMON, id: CVE-2021-22439

Trust: 0.1

sources: VULHUB: VHN-380874 // VULMON: CVE-2021-22439 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1441 // NVD: CVE-2021-22439

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210619-01-injection-en

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062101

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-278-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3306

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100609

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210619-01-injection-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380874 // VULMON: CVE-2021-22439 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1441 // NVD: CVE-2021-22439

CREDITS

The vulnerability was tested and found by external researchers

Trust: 0.6

sources: CNNVD: CNNVD-202106-1441

SOURCES

db: VULHUB, id: VHN-380874
db: VULMON, id: CVE-2021-22439
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-1441
db: NVD, id: CVE-2021-22439

LAST UPDATE DATE

2024-08-14T12:51:43.389000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380874, date: 2021-07-02T00:00:00
db: VULMON, id: CVE-2021-22439, date: 2021-07-02T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-1441, date: 2021-10-08T00:00:00
db: NVD, id: CVE-2021-22439, date: 2021-07-02T19:57:25.147

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380874, date: 2021-06-29T00:00:00
db: VULMON, id: CVE-2021-22439, date: 2021-06-29T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-1441, date: 2021-06-19T00:00:00
db: NVD, id: CVE-2021-22439, date: 2021-06-29T19:15:09.213