CVE-2021-22293

CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 67.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Campusinsight Huawei Manageone Huawei Taurus-al00a Firmware

Timeline

PublishedFeb 6

Latest updateMay 24

Description

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDhuawei/taurus-al00a_firmware10.0.0.1\(c00e1r1p1\)

▶NVDhuawei/manageone6.5.1.1, 8.0.0+1

▶NVDhuawei/campusinsightv100r019c10

▶CVEListV5manageone6 versions+5

▶CVEListV5campusinsightV100R019C10

🔴Vulnerability Details

GHSA

GHSA-pxp2-gjpv-xjrc: Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability↗2022-05-24

▶

CVEList

CVE-2021-22293: Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability↗2021-02-06

▶