CVE-2021-22299
First published: Sat Feb 06 2021(Updated: )
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Imaster Mae-m | =v100r020c10spc220 | |
| Huawei ManageOne | =6.5.0 | |
| Huawei ManageOne | =6.5.0-rc2.b050 | |
| Huawei ManageOne | =6.5.0-spc100.b210 | |
| Huawei ManageOne | =6.5.1 | |
| Huawei ManageOne | =6.5.1-rc1.b060 | |
| Huawei ManageOne | =6.5.1-rc2.b020 | |
| Huawei ManageOne | =6.5.1-rc2.b030 | |
| Huawei ManageOne | =6.5.1-rc2.b040 | |
| Huawei ManageOne | =6.5.1-rc2.b050 | |
| Huawei ManageOne | =6.5.1-rc2.b060 | |
| Huawei ManageOne | =6.5.1-rc2.b070 | |
| Huawei ManageOne | =6.5.1-rc2.b080 | |
| Huawei ManageOne | =6.5.1-rc2.b090 | |
| Huawei ManageOne | =6.5.1-spc100.b050 | |
| Huawei ManageOne | =6.5.1-spc101.b010 | |
| Huawei ManageOne | =6.5.1-spc101.b040 | |
| Huawei ManageOne | =6.5.1-spc200 | |
| Huawei ManageOne | =6.5.1-spc200.b010 | |
| Huawei ManageOne | =6.5.1-spc200.b030 | |
| Huawei ManageOne | =6.5.1-spc200.b040 | |
| Huawei ManageOne | =6.5.1-spc200.b050 | |
| Huawei ManageOne | =6.5.1-spc200.b060 | |
| Huawei ManageOne | =6.5.1-spc200.b070 | |
| Huawei ManageOne | =6.5.1.1-b010 | |
| Huawei ManageOne | =6.5.1.1-b020 | |
| Huawei ManageOne | =6.5.1.1-b030 | |
| Huawei ManageOne | =6.5.1.1-b040 | |
| Huawei ManageOne | =8.0.0 | |
| Huawei ManageOne | =8.0.0-lcnd81 | |
| Huawei ManageOne | =8.0.0-rc2 | |
| Huawei ManageOne | =8.0.0-rc3 | |
| Huawei ManageOne | =8.0.0-rc3.b041 | |
| Huawei ManageOne | =8.0.0-rc3.spc100 | |
| Huawei ManageOne | =8.0.0-spc100 | |
| Huawei ManageOne | =8.0.1 | |
| Huawei Network Functions Virtualization Fusionsphere | =6.5.1-spc12 | |
| Huawei Network Functions Virtualization Fusionsphere | =6.5.1-spc23 | |
| Huawei Smc2.0 Firmware | =v600r019c00 | |
| Huawei Smc2.0 Firmware | =v600r019c10 | |
| Huawei SMC2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22299?
CVE-2021-22299 is a local privilege escalation vulnerability in some Huawei products.
How does CVE-2021-22299 affect Huawei products?
CVE-2021-22299 affects certain versions of Huawei ManageOne and Huawei Imaster Mae-m.
What is the severity of CVE-2021-22299?
CVE-2021-22299 has a severity score of 7.8, which is considered high.
How can CVE-2021-22299 be exploited?
CVE-2021-22299 can be exploited by a local, authenticated attacker who crafts specific commands.
Are there any official references for CVE-2021-22299?
Yes, you can find more information about CVE-2021-22299 on the official Huawei security advisory page: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/huawei
- canonical/huawei imaster mae-m
- version/huawei imaster mae-m/v100r020c10spc220
- canonical/huawei manageone
- version/huawei manageone/6.5.0
- version/huawei manageone/6.5.0-rc2.b050
- version/huawei manageone/6.5.0-spc100.b210
- version/huawei manageone/6.5.1
- version/huawei manageone/6.5.1-rc1.b060
- version/huawei manageone/6.5.1-rc2.b020
- version/huawei manageone/6.5.1-rc2.b030
- version/huawei manageone/6.5.1-rc2.b040
- version/huawei manageone/6.5.1-rc2.b050
- version/huawei manageone/6.5.1-rc2.b060
- version/huawei manageone/6.5.1-rc2.b070
- version/huawei manageone/6.5.1-rc2.b080
- version/huawei manageone/6.5.1-rc2.b090
- version/huawei manageone/6.5.1-spc100.b050
- version/huawei manageone/6.5.1-spc101.b010
- version/huawei manageone/6.5.1-spc101.b040
- version/huawei manageone/6.5.1-spc200
- version/huawei manageone/6.5.1-spc200.b010
- version/huawei manageone/6.5.1-spc200.b030
- version/huawei manageone/6.5.1-spc200.b040
- version/huawei manageone/6.5.1-spc200.b050
- version/huawei manageone/6.5.1-spc200.b060
- version/huawei manageone/6.5.1-spc200.b070
- version/huawei manageone/6.5.1.1-b010
- version/huawei manageone/6.5.1.1-b020
- version/huawei manageone/6.5.1.1-b030
- version/huawei manageone/6.5.1.1-b040
- version/huawei manageone/8.0.0
- version/huawei manageone/8.0.0-lcnd81
- version/huawei manageone/8.0.0-rc2
- version/huawei manageone/8.0.0-rc3
- version/huawei manageone/8.0.0-rc3.b041
- version/huawei manageone/8.0.0-rc3.spc100
- version/huawei manageone/8.0.0-spc100
- version/huawei manageone/8.0.1
- canonical/huawei network functions virtualization fusionsphere
- version/huawei network functions virtualization fusionsphere/6.5.1-spc12
- version/huawei network functions virtualization fusionsphere/6.5.1-spc23
- canonical/huawei smc2.0 firmware
- version/huawei smc2.0 firmware/v600r019c00
- version/huawei smc2.0 firmware/v600r019c10
- canonical/huawei smc2.0