PT-2021-15023 · Huawei · Huawei Ese620X Vess+2
Published
2021-07-14
·
Updated
2021-08-11
·
CVE-2021-22396
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei eCNS280 TD versions V100R005C00 through V100R005C10
Huawei eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200
Description:
The issue is related to improper privilege management in some Huawei products, allowing a local attacker with common privilege to access specific files, which can lead to privilege escalation.
Recommendations:
For Huawei eCNS280 TD versions V100R005C00 through V100R005C10, update to a version that properly manages privileges to prevent unauthorized access.
For Huawei eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, restrict access to sensitive files until a patch is available that corrects the privilege management issue.
As a temporary workaround, consider limiting local access to the affected products to minimize the risk of exploitation.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Huawei Ecns280 Td
Huawei Ese620X Vess