PT-2021-14990 · Huawei · Ecns280+2

Published

2021-05-19

Updated

2022-05-03

CVE-2021-22361

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: eCNS280 versions V100R005C00 through V100R005C10 eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200

Description: The issue is related to an improper authorization vulnerability. A file access is not authorized correctly, which may allow an attacker with low access to launch privilege escalation in a specific scenario, potentially compromising the normal service.

Recommendations: For eCNS280 versions V100R005C00 through V100R005C10, update to a version that fixes the improper authorization issue. For eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, update to a version that fixes the improper authorization issue. As a temporary workaround, consider restricting file access to prevent privilege escalation until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-22361

Affected Products

Huawei Vrp

Ecns280

Ese620X Vess

PT-2021-14990 · Huawei · Ecns280+2

CVE-2021-22361

Related Identifiers

Affected Products

References · 4