CVE-2021-22377

EPSS 0.71%
Published 22.06.2021 19:15:07
Last modified 21.11.2024 05:50:00
Source psirt@huawei.com
Teams watchlist Login
Open Login

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ S12700 Firmware Versionv200r019c00spc500

Huawei ≫ S12700 Version-

Huawei ≫ S2700 Firmware Versionv200r019c00spc500

Huawei ≫ S2700 Version-

Huawei ≫ S5700 Firmware Versionv200r019c00spc500

Huawei ≫ S5700 Version-

Huawei ≫ S6700 Firmware Versionv200r019c00spc500

Huawei ≫ S6700 Version-

Huawei ≫ S7700 Firmware Versionv200r019c00spc500

Huawei ≫ S7700 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.71%	0.699

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cmdinj-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22377

EUVD