ID

VAR-202109-1644


CVE

CVE-2021-37105


TITLE

FusionCompute Vulnerability in unlimited upload of dangerous types of files in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012676

DESCRIPTION

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Because the product improperly verifies files to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, causing the service to become abnormal. FusionCompute contains a vulnerability related to unlimited uploads of dangerous types of files. Service operation interruption (DoS) may occur. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Huawei FusionCompute is a computer virtualization engine developed by Huawei in China. The product provides Virtual Resource Manager (VRM), Compute Node Agent (CNA), etc. There is a security vulnerability in Huawei FusionCompute.

Trust: 2.34

sources: NVD: CVE-2021-37105 // JVNDB: JVNDB-2021-012676 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-397515 // VULMON: CVE-2021-37105

AFFECTED PRODUCTS

vendor: huawei // model: fusioncompute // scope: eq // version: 6.5.1

Trust: 1.0

vendor: huawei // model: fusioncompute // scope: eq // version: 8.0.0

Trust: 1.0

vendor: huawei // model: fusioncompute // scope: eq // version: 6.5.0

Trust: 1.0

vendor: huawei // model: fusioncompute // scope: eq // version: fusioncompute firmware 6.5.0

Trust: 0.8

vendor: huawei // model: fusioncompute // scope: eq // version: fusioncompute firmware 6.5.1

Trust: 0.8

vendor: huawei // model: fusioncompute // scope: eq // version: -

Trust: 0.8

vendor: huawei // model: fusioncompute // scope: eq // version: fusioncompute firmware 8.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-012676 // NVD: CVE-2021-37105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37105
value: HIGH

Trust: 1.0

NVD: CVE-2021-37105
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1619
value: HIGH

Trust: 0.6

VULHUB: VHN-397515
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37105
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-397515
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-397515 // JVNDB: JVNDB-2021-012676 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1619 // NVD: CVE-2021-37105

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.1

problemtype: Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-397515 // JVNDB: JVNDB-2021-012676 // NVD: CVE-2021-37105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1619

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: huawei-sa-20210922-01-upload // url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-upload-en

Trust: 0.8

title: Huawei FusionCompute Fixes for code issue vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164748

Trust: 0.6

sources: JVNDB: JVNDB-2021-012676 // CNNVD: CNNVD-202109-1619

EXTERNAL IDS

db: NVD // id: CVE-2021-37105

Trust: 3.4

db: JVNDB // id: JVNDB-2021-012676

Trust: 0.8

db: CNNVD // id: CNNVD-202109-1619

Trust: 0.7

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP // id: SB2021092302

Trust: 0.6

db: VULHUB // id: VHN-397515

Trust: 0.1

db: VULMON // id: CVE-2021-37105

Trust: 0.1

sources: VULHUB: VHN-397515 // VULMON: CVE-2021-37105 // JVNDB: JVNDB-2021-012676 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1619 // NVD: CVE-2021-37105

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-upload-en

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-37105

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210922-01-upload-cn

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092302

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-397515 // VULMON: CVE-2021-37105 // JVNDB: JVNDB-2021-012676 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1619 // NVD: CVE-2021-37105

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202109-1619

SOURCES

db: VULHUB // id: VHN-397515
db: VULMON // id: CVE-2021-37105
db: JVNDB // id: JVNDB-2021-012676
db: CNNVD // id: CNNVD-202104-975
db: CNNVD // id: CNNVD-202109-1619
db: NVD // id: CVE-2021-37105

LAST UPDATE DATE

2024-08-14T12:54:07.775000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-397515 // date: 2021-10-06T00:00:00
db: VULMON // id: CVE-2021-37105 // date: 2021-09-28T00:00:00
db: JVNDB // id: JVNDB-2021-012676 // date: 2022-09-05T07:22:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: CNNVD // id: CNNVD-202109-1619 // date: 2021-10-08T00:00:00
db: NVD // id: CVE-2021-37105 // date: 2021-10-06T19:10:19.910

SOURCES RELEASE DATE

db: VULHUB // id: VHN-397515 // date: 2021-09-28T00:00:00
db: VULMON // id: CVE-2021-37105 // date: 2021-09-28T00:00:00
db: JVNDB // id: JVNDB-2021-012676 // date: 2022-09-05T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: CNNVD // id: CNNVD-202109-1619 // date: 2021-09-22T00:00:00
db: NVD // id: CVE-2021-37105 // date: 2021-09-28T15:15:07.457