#VU60592 Permissions, Privileges, and Access Controls in Huawei PCManager


Published: 2022-02-15

Vulnerability identifier: #VU60592

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-40046

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Huawei PCManager
Client/Desktop applications / Other client software

Vendor: Huawei

Description

The vulnerability allows a remote attacker on the local network to escalate privileges on the system.

The vulnerability exists due to a module fails to fully verify external input, which leads to security restrictions bypass and privilege escalation.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei PCManager: 11.1.1.95

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220216-01-priesc-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Privilege escalation in Huawei PCManager