What is CVE-2021-37102?

CVE-2021-37102 is a command injection vulnerability in the CMA service module of the FusionCompute product.

How does CVE-2021-37102 impact Huawei FusionCompute?

CVE-2021-37102 affects Huawei FusionCompute versions 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0.

What is the severity of CVE-2021-37102?

CVE-2021-37102 has a severity score of 8.8 (critical).

How can the CVE-2021-37102 vulnerability be exploited?

CVE-2021-37102 can be exploited by an attacker providing specially crafted input to the default certificate file, leading to command injection.

Is there a fix available for CVE-2021-37102?

Yes, Huawei has released a security advisory with instructions for fixing CVE-2021-37102. Please refer to the official Huawei website for the advisory.

Vulnerability/
CVE-2021-37102

critical

CWE

23/11/2021

26/11/2021

CVE-2021-37102: Command Injection

First published: Tue Nov 23 2021(Updated: )

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei FusionCompute	=6.0.0
Huawei FusionCompute	=6.3.0
Huawei FusionCompute	=6.3.1
Huawei FusionCompute	=6.5.0
Huawei FusionCompute	=6.5.1
Huawei FusionCompute	=8.0.0

Never miss a vulnerability like this again

Reference Links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-cmd-en

Frequently Asked Questions

What is CVE-2021-37102?
CVE-2021-37102 is a command injection vulnerability in the CMA service module of the FusionCompute product.
How does CVE-2021-37102 impact Huawei FusionCompute?
CVE-2021-37102 affects Huawei FusionCompute versions 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0.
What is the severity of CVE-2021-37102?
CVE-2021-37102 has a severity score of 8.8 (critical).
How can the CVE-2021-37102 vulnerability be exploited?
CVE-2021-37102 can be exploited by an attacker providing specially crafted input to the default certificate file, leading to command injection.
Is there a fix available for CVE-2021-37102?
Yes, Huawei has released a security advisory with instructions for fixing CVE-2021-37102. Please refer to the official Huawei website for the advisory.

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/tags
vendor/huawei
canonical/huawei fusioncompute
version/huawei fusioncompute/6.0.0
version/huawei fusioncompute/6.3.0
version/huawei fusioncompute/6.3.1
version/huawei fusioncompute/6.5.0
version/huawei fusioncompute/6.5.1
version/huawei fusioncompute/8.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.