CVE-2021-39976Improper Privilege Management in Huawei Cloudengine 5800 Firmware

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Cloudengine 5800 Firmware
Timeline
PublishedNov 23
Latest updateMay 24

Description

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5huawei/cloudengine_5800_firmwareV200R020C00SPC600
NVDhuawei/cloudengine_5800_firmwarev200r020c00spc600

🔴Vulnerability Details

2
GHSA
GHSA-qjh4-6fwh-rj27: There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC6002022-05-24
CVEList
CVE-2021-39976: There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC6002021-11-23
CVE-2021-39976 — Improper Privilege Management | cvebase