CVE-2021-22396 — Improper Privilege Management in Huawei Ecns280 TD Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ecns280 TD Firmware Huawei Ese620x Vess Firmware

Timeline

PublishedAug 2

Latest updateMay 24

Description

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/ese620x_vess_firmwarev100r001c10spc200, v100r001c20spc200+1

▶NVDhuawei/ecns280_td_firmwarev100r005c00, v100r005c10+1

🔴Vulnerability Details

GHSA

GHSA-rg9j-p47f-47fq: There is a privilege escalation vulnerability in some Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22396: There is a privilege escalation vulnerability in some Huawei products↗2021-08-02

▶