CVE-2021-33658
First published: Fri Mar 11 2022(Updated: )
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.
Credit: securities@openeuler.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Atune | >=0.3<=0.8 | |
| Huawei Openeuler | =20.03-sp1 | |
| Huawei Openeuler | =20.03-sp2 | |
| Huawei Openeuler | =20.03-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33658?
CVE-2021-33658 is a vulnerability in atune before version 0.3-0.8 that allows local users to escalate privileges or modify files.
How do I exploit CVE-2021-33658?
To exploit CVE-2021-33658, log in as a local user and run the curl command to access the local atune URL interface.
Is authentication forcibly enabled in the default configuration of atune before version 0.3-0.8?
No, authentication is not forcibly enabled in the default configuration of atune before version 0.3-0.8.
What is the severity of CVE-2021-33658?
CVE-2021-33658 has a severity rating of 7.8 (high).
How can I fix CVE-2021-33658?
To fix CVE-2021-33658, update atune to version 0.3-0.8 or later.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei atune
- version/huawei atune/0.3
- version/huawei atune/0.8
- canonical/huawei openeuler
- version/huawei openeuler/20.03-sp1
- version/huawei openeuler/20.03-sp2
- version/huawei openeuler/20.03-sp3