Sign-up

ID

VAR-202108-0276


CVE

CVE-2021-22396


TITLE

eCNS280_TD  and  eSE620X vESS  Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-009451

DESCRIPTION

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200. eCNS280_TD and eSE620X vESS Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei eCNS280_TD is the core network equipment of the wireless broadband trunking system of China's Huawei (Huawei) company. Huawei ESE620X vESS is a virtual enterprise service controller of China's Huawei (Huawei) company. The vulnerabilities stem from that the product does not properly impose security restrictions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-22396 // JVNDB: JVNDB-2021-009451 // CNVD: CNVD-2021-84911 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22396

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-84911

AFFECTED PRODUCTS

vendor:huaweimodel:ecns280 tdscope:eqversion:v100r005c00

Trust: 1.0

vendor:huaweimodel:ese620x vessscope:eqversion:v100r001c20spc200

Trust: 1.0

vendor:huaweimodel:ese620x vessscope:eqversion:v100r001c10spc200

Trust: 1.0

vendor:huaweimodel:ecns280 tdscope:eqversion:v100r005c10

Trust: 1.0

vendor:huaweimodel:ecns280 tdscope: - version: -

Trust: 0.8

vendor:huaweimodel:ese620x vessscope: - version: -

Trust: 0.8

vendor:huaweimodel:ecns280 td v100r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns280 td v100r005c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:ese620x vess v100r001c10spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:ese620x vess v100r001c20spc200scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-84911 // JVNDB: JVNDB-2021-009451 // NVD: CVE-2021-22396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22396
value: HIGH

Trust: 1.0

NVD: CVE-2021-22396
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-84911
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1058
value: HIGH

Trust: 0.6

VULMON: CVE-2021-22396
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22396
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-84911
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22396
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22396
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-84911 // VULMON: CVE-2021-22396 // JVNDB: JVNDB-2021-009451 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1058 // NVD: CVE-2021-22396

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009451 // NVD: CVE-2021-22396

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1058

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Security Advisory - Privilege Escalation Vulnerability in some Huawei Productsurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en

Trust: 0.8

title:Patch for Privilege escalation vulnerabilities in multiple Huawei productsurl:https://www.cnvd.org.cn/patchInfo/show/297526

Trust: 0.6

title:Huawei eCNS280_TD Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159615

Trust: 0.6

sources: CNVD: CNVD-2021-84911 // JVNDB: JVNDB-2021-009451 // CNNVD: CNNVD-202107-1058

EXTERNAL IDS

db:NVDid:CVE-2021-22396

Trust: 3.9

db:JVNDBid:JVNDB-2021-009451

Trust: 0.8

db:CNVDid:CNVD-2021-84911

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021071504

Trust: 0.6

db:CNNVDid:CNNVD-202107-1058

Trust: 0.6

db:VULMONid:CVE-2021-22396

Trust: 0.1

sources: CNVD: CNVD-2021-84911 // VULMON: CVE-2021-22396 // JVNDB: JVNDB-2021-009451 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1058 // NVD: CVE-2021-22396

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22396

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071504

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-84911 // VULMON: CVE-2021-22396 // JVNDB: JVNDB-2021-009451 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1058 // NVD: CVE-2021-22396

SOURCES

db:CNVDid:CNVD-2021-84911
db:VULMONid:CVE-2021-22396
db:JVNDBid:JVNDB-2021-009451
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-1058
db:NVDid:CVE-2021-22396

LAST UPDATE DATE

2024-08-14T13:16:19.952000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-84911date:2021-11-08T00:00:00
db:VULMONid:CVE-2021-22396date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2021-009451date:2022-04-27T07:14:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-1058date:2021-08-25T00:00:00
db:NVDid:CVE-2021-22396date:2021-08-11T15:06:01.297

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-84911date:2021-11-08T00:00:00
db:VULMONid:CVE-2021-22396date:2021-08-02T00:00:00
db:JVNDBid:JVNDB-2021-009451date:2022-04-27T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-1058date:2021-07-15T00:00:00
db:NVDid:CVE-2021-22396date:2021-08-02T17:15:14.087