CVE-2021-22299

There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.

Published: Feb 6, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22299
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / manageone	6.5.1.1-b010	6.5.1.1-b010.x
huawei / manageone	6.5.1.1-b020	6.5.1.1-b020.x
huawei / manageone	6.5.1.1-b030	6.5.1.1-b030.x
huawei / manageone	6.5.1.1-b040	6.5.1.1-b040.x
huawei / manageone	8.0.1	8.0.1.x
huawei / manageone	8.0.0-rc2	8.0.0-rc2.x
huawei / imaster_mae-m	100r020c10spc220	100r020c10spc220.x
huawei / network_functions_virtualization_fusionsphere	6.5.1-spc12	6.5.1-spc12.x
huawei / network_functions_virtualization_fusionsphere	6.5.1-spc23	6.5.1-spc23.x
huawei / manageone	8.0.0	8.0.0.x
huawei / manageone	8.0.0-spc100	8.0.0-spc100.x
huawei / manageone	8.0.0-lcnd81	8.0.0-lcnd81.x
huawei / manageone	8.0.0-rc3	8.0.0-rc3.x
huawei / manageone	8.0.0-rc3.b041	8.0.0-rc3.b041.x
huawei / manageone	8.0.0-rc3.spc100	8.0.0-rc3.spc100.x
huawei / manageone	6.5.0-rc2.b050	6.5.0-rc2.b050.x
huawei / manageone	6.5.1-spc100.b050	6.5.1-spc100.b050.x
huawei / manageone	6.5.1-spc101.b010	6.5.1-spc101.b010.x
huawei / manageone	6.5.1-spc101.b040	6.5.1-spc101.b040.x
huawei / manageone	6.5.1-spc200	6.5.1-spc200.x
huawei / manageone	6.5.1-spc200.b010	6.5.1-spc200.b010.x
huawei / manageone	6.5.1-spc200.b030	6.5.1-spc200.b030.x
huawei / manageone	6.5.1-spc200.b040	6.5.1-spc200.b040.x
huawei / manageone	6.5.1-spc200.b050	6.5.1-spc200.b050.x
huawei / manageone	6.5.1-spc200.b060	6.5.1-spc200.b060.x
huawei / manageone	6.5.1-spc200.b070	6.5.1-spc200.b070.x
huawei / manageone	6.5.1-rc1.b060	6.5.1-rc1.b060.x
huawei / manageone	6.5.1-rc2.b020	6.5.1-rc2.b020.x
huawei / manageone	6.5.1-rc2.b030	6.5.1-rc2.b030.x
huawei / manageone	6.5.1-rc2.b040	6.5.1-rc2.b040.x
huawei / manageone	6.5.1-rc2.b050	6.5.1-rc2.b050.x
huawei / manageone	6.5.1-rc2.b060	6.5.1-rc2.b060.x
huawei / manageone	6.5.1-rc2.b070	6.5.1-rc2.b070.x
huawei / manageone	6.5.1-rc2.b080	6.5.1-rc2.b080.x
huawei / manageone	6.5.1-rc2.b090	6.5.1-rc2.b090.x
huawei / manageone	6.5.1	6.5.1.x
huawei / manageone	6.5.0	6.5.0.x
huawei / manageone	6.5.0-spc100.b210	6.5.0-spc100.b210.x
huawei / smc2.0_firmware	600r019c00	600r019c00.x
huawei / smc2.0_firmware	600r019c10	600r019c10.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en

Vulnerability Database

289,599

CVE-2021-22299