Signature Management Vulnerability in Huawei iManager Products
CVE-2021-37127

7.2HIGH

Key Information:

Vendor: Huawei
Status: Imanager Neteco;imanager Neteco 6000
Vendor: CVE Published:; 27 October 2021

Summary

A signature management vulnerability exists in several Huawei iManager products. This flaw allows an attacker to forge signatures, thereby bypassing essential signature checks. If exploited during the firmware update process, this vulnerability may enable the insertion of maliciously crafted system files, potentially overwriting legitimate files. This can compromise the integrity of the system, resulting in unauthorized access or functionality issues. It is crucial for users of the affected products to implement necessary mitigations and monitor for any unusual activity.

Affected Version(s)

iManager NetEco;iManager NetEco 6000 V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300

iManager NetEco;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Jul 20, 2021