Command Injection Vulnerability in Huawei Switches
CVE-2021-22377

7.2HIGH

Key Information:

Vendor
Huawei
Status
S12700;s2700;s5700;s6700;s7700
Vendor
CVE Published:
22 June 2021

Summary

A command injection vulnerability has been identified in specific Huawei switch models where insufficient input validation allows attackers to manipulate command execution. By sending specially crafted parameters, an attacker could inject commands that compromise the normal operation of the device. This can lead to unauthorized access and service disruptions, highlighting the need for prompt security measures to mitigate potential risks. It is crucial for organizations utilizing affected models to stay informed and apply the relevant patches provided by Huawei.

Affected Version(s)

S12700;S2700;S5700;S6700;S7700 V200R019C00SPC500

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.