CVE-2021-22397: Input Validation
First published: Mon Aug 02 2021(Updated: )
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei ManageOne | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22397?
CVE-2021-22397 is a privilege escalation vulnerability in Huawei ManageOne 8.0.0.
How does CVE-2021-22397 affect Huawei ManageOne?
CVE-2021-22397 affects Huawei ManageOne 8.0.0 by allowing attackers to exploit external parameters of certain files, leading to privilege escalation attacks and potential compromise of normal service.
What is the severity of CVE-2021-22397?
The severity of CVE-2021-22397 is medium with a CVSS score of 6.7.
How can attackers exploit CVE-2021-22397?
Attackers can exploit CVE-2021-22397 by manipulating the external parameters of specific files in Huawei ManageOne 8.0.0 to gain elevated privileges.
Is there a fix for CVE-2021-22397?
To fix CVE-2021-22397, Huawei ManageOne users should apply the latest security patch provided by Huawei.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/tags
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei manageone
- version/huawei manageone/8.0.0