CVE-2021-37124

{"id": "CVE-2021-37124", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-10-27T01:15:07.653", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-share-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-share-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de salto de ruta en el producto PC de Huawei. Dado que el producto no filtra las rutas con caracteres especiales, los atacantes pueden construir una ruta de archivo con caracteres especiales para explotar esta vulnerabilidad. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante transportar un archivo a determinada ruta. Las versiones del producto afectadas incluyen: PC Smart Full Scene 11.1 versiones PCManager 11.1.1.97"}], "lastModified": "2024-11-21T06:14:41.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:pc_smart_full_scene:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CB38BB2-AA16-4341-8479-F5A9936BCCEA"}, {"criteria": "cpe:2.3:a:huawei:pcmanager:11.1.1.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C8D51ED-534D-4777-84AB-16CC9177B428"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}