Improper Authorization in several Huawei Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-22361 |
| CWE-ID | CWE-285 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Huawei eCNS280 Hardware solutions / Firmware eSE620X vESS Hardware solutions / Firmware |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authorization
EUVDB-ID: #VU53425
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-22361
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authorization checks.
The vulnerability exists due to a file access is not authorized correctly. A local user can bypass the authorization process on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei eCNS280: V100R005C00 - V100R005C10
eSE620X vESS: V100R001C10SPC200 - V100R001C20SPC200
CPE2.3- cpe:2.3:h:huawei:huawei_ecns280:V100R005C00:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ecns280:V100R005C10:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:ese620x_vess:V100R001C10SPC200:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:ese620x_vess:V100R001C20SPC200:*:*:*:*:*:*:*
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-cgp-en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
