PT-2021-21526 · Huawei · Imanager Neteco 6000
Published: 2021-10-20 · Updated: 2021-10-28 · CVE-2021-37127
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
iManager NetEco versions V600R010C00CP2001 through V600R010C00SPC300
iManager NetEco 6000 versions V600R009C00SPC100 through V600R009C00SPC210
Description
There is a signature management issue in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this issue can cause a forged system file to overwrite the correct system file.
Recommendations
For iManager NetEco versions V600R010C00CP2001 through V600R010C00SPC300, update to a version that includes a fix for the signature management vulnerability.
For iManager NetEco 6000 versions V600R009C00SPC100 through V600R009C00SPC210, update to a version that includes a fix for the signature management vulnerability.
As a temporary workaround, consider restricting access to the firmware update process to minimize the risk of exploitation.
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Imanager Neteco
Imanager Neteco 6000