ID

VAR-202111-1435


CVE

CVE-2021-39976


TITLE

Vulnerability in CloudEngine 5800

Trust: 0.8

sources: JVNDB: JVNDB-2021-015386

DESCRIPTION

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to a lack of privilege restrictions, an authenticated local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation may allow the attacker to obtain a higher privilege. CloudEngine 5800 contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei CloudEngine 5800 is a 5800 series data center switch from the Chinese company Huawei. Huawei CloudEngine 5800 has a permissions and access control vulnerability. This vulnerability stems from the lack of permission restrictions.

Trust: 2.16

sources: NVD: CVE-2021-39976 // JVNDB: JVNDB-2021-015386 // CNVD: CNVD-2021-100794

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100794

AFFECTED PRODUCTS

vendor: huawei, model: cloudengine 5800, scope: eq, version: v200r020c00spc600

Trust: 1.0

vendor: huawei, model: cloudengine 5800, scope: eq, version: -

Trust: 0.8

vendor: huawei, model: cloudengine 5800, scope: eq, version: cloudengine 5800 firmware 200r020c00spc600

Trust: 0.8

vendor: huawei, model: cloudengine v200r020c00spc600, scope: eq, version: 5800

Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // NVD: CVE-2021-39976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39976
value: HIGH

Trust: 1.0

NVD: CVE-2021-39976
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-100794
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202111-365
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-39976
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100794
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-39976
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-39976
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015386 // NVD: CVE-2021-39976

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

PATCH

title: huawei-sa-20211103-01-privilege
url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en

Trust: 0.8

title: Patch for Huawei Cloudengine 5800 Permission and Access Control Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/308091

Trust: 0.6

title: Huawei Cloudengine 5800 Fixes for permissions and access control issues vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171224

Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365

EXTERNAL IDS

db: NVD, id: CVE-2021-39976

Trust: 3.8

db: JVNDB, id: JVNDB-2021-015386

Trust: 0.8

db: CNVD, id: CNVD-2021-100794

Trust: 0.6

db: CS-HELP, id: SB2021110305

Trust: 0.6

db: CNNVD, id: CNNVD-202111-365

Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2021-39976

Trust: 2.0

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en

Trust: 1.6

url: https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211103-01-privilege-cn

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021110305

Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

SOURCES

db: CNVD, id: CNVD-2021-100794
db: JVNDB, id: JVNDB-2021-015386
db: CNNVD, id: CNNVD-202111-365
db: NVD, id: CVE-2021-39976

LAST UPDATE DATE

2024-08-14T13:53:46.181000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-100794, date: 2021-12-20T00:00:00
db: JVNDB, id: JVNDB-2021-015386, date: 2022-11-18T06:23:00
db: CNNVD, id: CNNVD-202111-365, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-39976, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-100794, date: 2021-12-20T00:00:00
db: JVNDB, id: JVNDB-2021-015386, date: 2022-11-18T00:00:00
db: CNNVD, id: CNNVD-202111-365, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-39976, date: 2021-11-23T15:15:07.397