CVE-2021-37106Command Injection in Huawei Fusioncompute

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.4%
top 38.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Fusioncompute
Timeline
PublishedSep 28
Latest updateMay 24

Description

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5huawei/fusioncompute6.3.0,6.3.1,6.5.0,8.0.0
NVDhuawei/fusioncompute4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-2r4h-9r32-83xj: There is a command injection vulnerability in CMA service module of FusionCompute 62022-05-24
CVEList
CVE-2021-37106: There is a command injection vulnerability in CMA service module of FusionCompute 62021-09-28
CVE-2021-37106 — Command Injection in Huawei | cvebase