CVE-2021-37127

{"id": "CVE-2021-37127", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-10-27T01:15:07.710", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en la administraci\u00f3n de firmas en algunos productos de Huawei. Un atacante puede falsificar la firma y omitir la comprobaci\u00f3n de la misma. Durante el proceso de actualizaci\u00f3n del firmware, una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad puede causar que el archivo de sistema forjado sobrescriba el archivo de sistema correcto. Las versiones de producto afectadas incluyen: iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300; iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210"}], "lastModified": "2021-10-28T17:01:14.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00cp2001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B9F1D8-043C-4F35-B82E-1B058A0E3E06"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00cp2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5179F24D-E60C-4E2B-A7B7-E449B1A23EB8"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "497DA2B2-A223-4DF4-8318-4D61A07DE89E"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc110:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6EABC8D-CF29-4EE8-AB12-52FD319E0451"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc120:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4868DB43-AAC0-4709-A624-5DEC440DC467"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CF23C0E-13A5-4048-BEF5-327914421B9E"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc210:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F4DC23A-5740-49FA-9357-31FD557A0CF6"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_6000_firmware:v600r010c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18F19C7B-95A2-4E09-ABC0-0CFA84C0085E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7B8CFC69-D6E8-4163-AE0F-B85693F2555D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "485BDF37-6661-4BE6-9E8F-81789438BE9E"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc110:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E57422AB-3A4A-4607-BD5F-F2202DC98DBC"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc120:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A81E5DA2-A22D-4709-A6A1-BF1E9E4FE90F"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc190:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E6BEE4A-AFD0-4618-8A0C-98FB34578924"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AEDC6F2-9B47-4CD7-922F-F1E44E70D3FF"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369D1CB7-F518-4FDA-8B91-5175AEBF8A27"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc202:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7E8838-96CF-4ACF-A40A-11C89D2D3289"}, {"criteria": "cpe:2.3:o:huawei:imanager_neteco_firmware:v600r009c00spc210:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BC54B6E-69E3-4DDD-B2C3-22159285DE83"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:imanager_neteco:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D96479E8-2B4F-4149-B61B-79ECD0524A01"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}