Details of VAR-202106-0605

ID

VAR-202106-0605

CVE

CVE-2021-22340

TITLE

ManageOne and SMC2.0 Race Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008910

DESCRIPTION

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931. ManageOne and SMC2.0 Is vulnerable to a race condition.Denial of service (DoS) It may be put into a state. Huawei Manageone is a set of cloud data center management solutions of China Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance. Many Huawei products have security vulnerabilities. 0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931

Trust: 1.8

sources: NVD: CVE-2021-22340 // JVNDB: JVNDB-2021-008910 // VULHUB: VHN-380775 // VULMON: CVE-2021-22340

AFFECTED PRODUCTS

vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc703	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc900	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc920	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc921	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc931	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc922	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc702	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc700	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc930	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc800	Trust: 1.0
vendor:	huawei	model:	smc2.0	scope:	eq	version:	v600r019c10spc910	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	smc2.0	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008910 // NVD: CVE-2021-22340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22340
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22340
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-1952
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380775
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22340
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22340
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380775
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22340
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22340
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380775 // VULMON: CVE-2021-22340 // JVNDB: JVNDB-2021-008910 // CNNVD: CNNVD-202106-1952 // NVD: CVE-2021-22340

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.1
problemtype:	Race condition (CWE-362) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380775 // JVNDB: JVNDB-2021-008910 // NVD: CVE-2021-22340

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1952

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202106-1952

PATCH

title:	huawei-sa-20210428-01-racecondition	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en	Trust: 0.8
title:	Huawei Manageone Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155504	Trust: 0.6

sources: JVNDB: JVNDB-2021-008910 // CNNVD: CNNVD-202106-1952

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22340	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-008910	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-1952	Trust: 0.7
db:	CS-HELP	id:	SB2021102124	Trust: 0.6
db:	VULHUB	id:	VHN-380775	Trust: 0.1
db:	VULMON	id:	CVE-2021-22340	Trust: 0.1

sources: VULHUB: VHN-380775 // VULMON: CVE-2021-22340 // JVNDB: JVNDB-2021-008910 // CNNVD: CNNVD-202106-1952 // NVD: CVE-2021-22340

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22340	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210428-01-racecondition-cn	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102124	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380775 // VULMON: CVE-2021-22340 // JVNDB: JVNDB-2021-008910 // CNNVD: CNNVD-202106-1952 // NVD: CVE-2021-22340

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202106-1952

SOURCES

db:	VULHUB	id:	VHN-380775
db:	VULMON	id:	CVE-2021-22340
db:	JVNDB	id:	JVNDB-2021-008910
db:	CNNVD	id:	CNNVD-202106-1952
db:	NVD	id:	CVE-2021-22340

LAST UPDATE DATE

2024-08-14T15:11:55.392000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380775	date:	2021-07-07T00:00:00
db:	VULMON	id:	CVE-2021-22340	date:	2021-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008910	date:	2022-03-31T06:36:00
db:	CNNVD	id:	CNNVD-202106-1952	date:	2021-10-26T00:00:00
db:	NVD	id:	CVE-2021-22340	date:	2021-07-07T12:34:40.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380775	date:	2021-06-29T00:00:00
db:	VULMON	id:	CVE-2021-22340	date:	2021-06-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-008910	date:	2022-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202106-1952	date:	2021-06-29T00:00:00
db:	NVD	id:	CVE-2021-22340	date:	2021-06-29T19:15:09.180