ID

VAR-202110-1355


CVE

CVE-2021-37131


TITLE

Vulnerability in the neutralization of formula elements in CSV files in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2021-014239

DESCRIPTION

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. ManageOne, iManager NetEco and iManager NetEco 6000 contain a vulnerability in the neutralization of formula elements in CSV files. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-37131 // JVNDB: JVNDB-2021-014239 // VULHUB: VHN-398967

AFFECTED PRODUCTS

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc210

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc110

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc221

Trust: 1.0

vendor: huawei // model: manageone // scope: eq // version: 6.5.1

Trust: 1.0

vendor: huawei // model: manageone // scope: eq // version: 8.0.0

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc200

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp2001

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp3001

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp2002

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc200

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc100

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp3002

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc300

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp3102

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc220

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc232

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc100

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc120

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc201

Trust: 1.0

vendor: huawei // model: manageone // scope: eq // version: 8.0.1

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc190

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00cp3101

Trust: 1.0

vendor: huawei // model: manageone // scope: eq // version: 6.5.1.1

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc310

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc210

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00cp2201

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00cp2301

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc202

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc230

Trust: 1.0

vendor: huawei // model: imanager neteco 6000 // scope: eq // version: v600r009c00spc110

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: eq // version: v600r010c00spc120

Trust: 1.0

vendor: huawei // model: imanager neteco // scope: - // version: -

Trust: 0.8

vendor: huawei // model: manageone // scope: - // version: -

Trust: 0.8

vendor: huawei // model: imanager neteco 6000 // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014239 // NVD: CVE-2021-37131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37131
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37131
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1521
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398967
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37131
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398967
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37131
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-37131
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398967 // JVNDB: JVNDB-2021-014239 // CNNVD: CNNVD-202110-1521 // NVD: CVE-2021-37131

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

problemtype:Improper neutralization of formula elements in a CSV file (CWE-1236) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014239 // NVD: CVE-2021-37131

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1521

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-1521

PATCH

title: huawei-sa-20211020-01-csv // url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Trust: 0.8

title: Huawei Imanager NetEco Fixes for code injection vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167597

Trust: 0.6

sources: JVNDB: JVNDB-2021-014239 // CNNVD: CNNVD-202110-1521

EXTERNAL IDS

db: NVD // id: CVE-2021-37131

Trust: 3.3

db: JVNDB // id: JVNDB-2021-014239

Trust: 0.8

db: CS-HELP // id: SB2021102125

Trust: 0.6

db: CNNVD // id: CNNVD-202110-1521

Trust: 0.6

db: VULHUB // id: VHN-398967

Trust: 0.1

sources: VULHUB: VHN-398967 // JVNDB: JVNDB-2021-014239 // CNNVD: CNNVD-202110-1521 // NVD: CVE-2021-37131

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37131

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211020-01-csv-cn

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102125

Trust: 0.6

sources: VULHUB: VHN-398967 // JVNDB: JVNDB-2021-014239 // CNNVD: CNNVD-202110-1521 // NVD: CVE-2021-37131

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202110-1521

SOURCES

db: VULHUB // id: VHN-398967
db: JVNDB // id: JVNDB-2021-014239
db: CNNVD // id: CNNVD-202110-1521
db: NVD // id: CVE-2021-37131

LAST UPDATE DATE

2024-08-14T14:37:51.080000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-398967 // date: 2021-10-29T00:00:00
db: JVNDB // id: JVNDB-2021-014239 // date: 2022-10-11T07:44:00
db: CNNVD // id: CNNVD-202110-1521 // date: 2021-11-02T00:00:00
db: NVD // id: CVE-2021-37131 // date: 2021-10-29T01:26:41.697

SOURCES RELEASE DATE

db: VULHUB // id: VHN-398967 // date: 2021-10-27T00:00:00
db: JVNDB // id: JVNDB-2021-014239 // date: 2022-10-11T00:00:00
db: CNNVD // id: CNNVD-202110-1521 // date: 2021-10-21T00:00:00
db: NVD // id: CVE-2021-37131 // date: 2021-10-27T01:15:07.863