CVE-2021-22311

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 64.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Manageone

Timeline

PublishedMar 22

Latest updateMay 24

Description

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/manageone8.0.0, 8.0.1+1

▶CVEListV5manageone8.0.0,8.0.1

🔴Vulnerability Details

GHSA

GHSA-j5x5-8m8g-qv9p: There is an improper permission assignment vulnerability in Huawei ManageOne product↗2022-05-24

▶

CVEList

CVE-2021-22311: There is an improper permission assignment vulnerability in Huawei ManageOne product↗2021-03-22

▶