Strix
26.1K

CVE-2021-22361

HIGHCVSS 7.8/10EPSS 0.18%

Last modified

CVE-2021-22361 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.18%

7.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
HuaweiEcns280 Firmwarev100r005c00
HuaweiEcns280 Firmwarev100r005c10
HuaweiEse620x Vess Firmwarev100r001c10spc200
HuaweiEse620x Vess Firmwarev100r001c20spc200

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-22361?
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.
How severe is CVE-2021-22361?
CVE-2021-22361 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.
How do I fix CVE-2021-22361?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-22361?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST