CVE-2021-22439

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-22439
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210619-01-injection-en Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:anyoffice:v200r006c10:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-06-29 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-22439

Mitre link : CVE-2021-22439

CVE.ORG link : CVE-2021-22439

JSON object : View

Products Affected

huawei

  • anyoffice
CWE
CWE-502

Deserialization of Untrusted Data