Command Injection Vulnerability in Huawei Switches
CVE-2021-22377
7.2HIGH
Summary
A command injection vulnerability has been identified in specific Huawei switch models where insufficient input validation allows attackers to manipulate command execution. By sending specially crafted parameters, an attacker could inject commands that compromise the normal operation of the device. This can lead to unauthorized access and service disruptions, highlighting the need for prompt security measures to mitigate potential risks. It is crucial for organizations utilizing affected models to stay informed and apply the relevant patches provided by Huawei.
Affected Version(s)
S12700;S2700;S5700;S6700;S7700 V200R019C00SPC500
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved