CVE-2021-22377

Published Jun 22, 2021

Last updated 3 years ago

CVSS high 7.2

Overview

Description: There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A58127B-8ED8-49AD-83CE-AF95E221E092"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "138C1E57-176C-46B1-9704-D9C8391CC802"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:s2700_firmware:v200r019c00spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "547FFF0C-A572-40C6-849B-8FBEEF551062"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD2CD071-58E4-4061-8217-990453213470"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:s5700_firmware:v200r019c00spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35753856-3BE4-481C-8D49-077E51138633"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E22D3CFF-3353-4EE2-8933-84F395469D0D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:s6700_firmware:v200r019c00spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32203724-9D88-4585-ABB5-78D474273794"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DA7AC10D-B0DD-4206-8642-134DDD585C06"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:s7700_firmware:v200r019c00spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "613E1109-B921-4477-893D-179C1D1A6008"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8769C2C4-E333-432B-8943-CFDFAE013379"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References