PT-2021-15033 · Huawei · Imaster Nce-Fabric

Published

2021-11-23

Updated

2021-11-24

CVE-2021-22410

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: iMaster NCE-Fabric version V100R019C10

Description: The issue is related to a XSS injection vulnerability. A module of the client does not verify the input sufficiently, allowing attackers to exploit this by modifying input after logging onto the client. This may compromise the normal service of the client.

Recommendations: For iMaster NCE-Fabric version V100R019C10, consider restricting access to the client until a patch is available, and ensure that all inputs are thoroughly verified to prevent exploitation. As a temporary workaround, consider disabling the vulnerable module until a fix is provided.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-22410

Affected Products

Imaster Nce-Fabric

PT-2021-15033 · Huawei · Imaster Nce-Fabric

CVE-2021-22410

Weakness Enumeration

Related Identifiers

Affected Products

References · 4