Privilege escalation in Some Huawei Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-22299 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ManageOne Other software / Other software solutions NFV_FusionSphere Hardware solutions / Firmware iMaster MAE-M Hardware solutions / Firmware Huawei SMC2.0 Server applications / Conferencing, Collaboration and VoIP solutions |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU49879
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22299
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsManageOne: 6.5 RC2B050 - 8.0.1
NFV_FusionSphere: 6.5.1.SPC23 - 8.0.0.SPC12
Huawei SMC2.0: V600R019C00 - V600R019C10
iMaster MAE-M: V100R020C10SPC220
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
