CVE-2021-22299Improper Privilege Management in Huawei Imaster Mae-m

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei Imaster Mae-mHuawei ManageoneHuawei Smc2.0 Firmware+1 more
Timeline
PublishedFeb 6
Latest updateMay 24

Description

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5huawei/manageone34 versions+33
NVDhuawei/manageone5 versions+4
CVEListV5huawei/imaster_mae-mMAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220
NVDhuawei/imaster_mae-mv100r020c10spc220
CVEListV5huawei/smc2.0_firmwareV600R019C00, V600R019C10+1

🔴Vulnerability Details

2
GHSA
GHSA-5mq7-rvwh-8pm7: There is a local privilege escalation vulnerability in some Huawei products2022-05-24
CVEList
CVE-2021-22299: There is a local privilege escalation vulnerability in some Huawei products2021-02-06
CVE-2021-22299 — Improper Privilege Management | cvebase