Details of VAR-202111-1435

ID

VAR-202111-1435

CVE

CVE-2021-39976

TITLE

CloudEngine 5800 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015386

DESCRIPTION

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. CloudEngine 5800 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei Cloudengine 5800 is a 5800 series data center switch of China's Huawei (Huawei) company. Huawei Cloudengine 5800 has vulnerabilities in permissions and access control issues. This vulnerability stems from the lack of permission restrictions

Trust: 2.16

sources: NVD: CVE-2021-39976 // JVNDB: JVNDB-2021-015386 // CNVD: CNVD-2021-100794

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-100794

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r020c00spc600	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	cloudengine 5800 firmware 200r020c00spc600	Trust: 0.8
vendor:	huawei	model:	cloudengine v200r020c00spc600	scope:	eq	version:	5800	Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // NVD: CVE-2021-39976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-39976
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-39976
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-100794
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202111-365
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-39976
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-100794
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-39976
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-39976
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015386 // NVD: CVE-2021-39976

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

PATCH

title:	huawei-sa-20211103-01-privilege	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en	Trust: 0.8
title:	Patch for Huawei Cloudengine 5800 Permission and Access Control Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/308091	Trust: 0.6
title:	Huawei Cloudengine 5800 Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171224	Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365

EXTERNAL IDS

db:	NVD	id:	CVE-2021-39976	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-015386	Trust: 0.8
db:	CNVD	id:	CNVD-2021-100794	Trust: 0.6
db:	CS-HELP	id:	SB2021110305	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-365	Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-39976	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en	Trust: 1.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211103-01-privilege-cn	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110305	Trust: 0.6

sources: CNVD: CNVD-2021-100794 // JVNDB: JVNDB-2021-015386 // CNNVD: CNNVD-202111-365 // NVD: CVE-2021-39976

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202111-365

SOURCES

db:	CNVD	id:	CNVD-2021-100794
db:	JVNDB	id:	JVNDB-2021-015386
db:	CNNVD	id:	CNNVD-202111-365
db:	NVD	id:	CVE-2021-39976

LAST UPDATE DATE

2024-08-14T13:53:46.181000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-100794	date:	2021-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-015386	date:	2022-11-18T06:23:00
db:	CNNVD	id:	CNNVD-202111-365	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-39976	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-100794	date:	2021-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-015386	date:	2022-11-18T00:00:00
db:	CNNVD	id:	CNNVD-202111-365	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2021-39976	date:	2021-11-23T15:15:07.397