CVE-2021-22299

Name of the Vulnerable Software and Affected Versions: ManageOne versions 6.5.0 through 8.0.RC3.SPC100 NFV FusionSphere versions 6.5.1.SPC23 through 8.0.0.SPC12 SMC2.0 versions V600R019C00 through V600R019C10 iMaster MAE-M version MAE-TOOL(FusionSphereBasicTemplate Euler X86)V100R020C10SPC220

Description: A local privilege escalation issue exists in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this issue. Successful exploitation may cause the attacker to obtain a higher privilege.

Recommendations: For ManageOne versions 6.5.0 through 8.0.RC3.SPC100, update to a version that is not affected by this issue. For NFV FusionSphere versions 6.5.1.SPC23 through 8.0.0.SPC12, update to a version that is not affected by this issue. For SMC2.0 versions V600R019C00 through V600R019C10, update to a version that is not affected by this issue. For iMaster MAE-M version MAE-TOOL(FusionSphereBasicTemplate Euler X86)V100R020C10SPC220, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the affected products until a patch is available.