2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-37131" ,
"sourceIdentifier" : "psirt@huawei.com" ,
"published" : "2021-10-27T01:15:07.863" ,
"lastModified" : "2021-10-29T01:26:41.697" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device."
} ,
{
"lang" : "es" ,
"value" : "Se presenta una vulnerabilidad de inyecci\u00f3n CSV en ManageOne, iManager NetEco e iManager NetEco 6000. Un atacante con altos privilegios puede explotar esta vulnerabilidad mediante algunas operaciones para inyectar los archivos CSV. Debido a una comprobaci\u00f3n de entrada insuficiente de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar archivos CSV en el dispositivo de destino"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.8 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 0.9 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL" ,
"baseScore" : 6.0
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 6.8 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-1236"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*" ,
"matchCriteriaId" : "24872541-A493-48BD-AA2C-7A976FF75F9D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b070:*:*:*:*:*:*" ,
"matchCriteriaId" : "D962B0A1-0725-4A6F-99EB-E6E42F03243B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*" ,
"matchCriteriaId" : "61EC963F-1160-43D4-B4E4-2CC2B209B4DA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*" ,
"matchCriteriaId" : "AD086E38-D1F5-4160-A7A2-12E681F686CB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*" ,
"matchCriteriaId" : "035E4DF1-4B17-448B-8A78-CD81F68D38CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*" ,
"matchCriteriaId" : "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*" ,
"matchCriteriaId" : "31787857-76F6-4E80-82B7-56B1C12B6628"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*" ,
"matchCriteriaId" : "73901E08-8C24-46FB-A42D-6457630AA6DC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*" ,
"matchCriteriaId" : "463A4059-55EF-4862-B8AD-90DCAC0CC871"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*" ,
"matchCriteriaId" : "4042FC49-4FC7-46B4-8D14-ECACF22A9860"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*" ,
"matchCriteriaId" : "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*" ,
"matchCriteriaId" : "535597A4-29C8-44A8-9008-4F4E10030531"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*" ,
"matchCriteriaId" : "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*" ,
"matchCriteriaId" : "698B071C-FC52-40CD-BBA7-53426051F504"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*" ,
"matchCriteriaId" : "F6461FE1-99CC-48E4-8134-F17D895511F0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE5AE38A-627F-4337-949D-A5811D6859EB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*" ,
"matchCriteriaId" : "29FEC933-0E52-496B-A2B3-C84E65E5B430"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*" ,
"matchCriteriaId" : "16F30BF5-4510-4AC7-8B12-6D4126C2DC60"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*" ,
"matchCriteriaId" : "37090D37-0CDF-464B-9509-4F465D20C8C2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*" ,
"matchCriteriaId" : "83B2B033-F12C-487E-8245-3F5BBF59BBC1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*" ,
"matchCriteriaId" : "1ADF4433-A950-4A00-A4F7-12F766B4C947"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*" ,
"matchCriteriaId" : "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:lcn080:*:*:*:*:*:*" ,
"matchCriteriaId" : "EF638B61-21C2-4BCF-8EDA-549073776C96"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9090F1E-EF60-4E54-9885-7F6B1681DE9A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*" ,
"matchCriteriaId" : "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*" ,
"matchCriteriaId" : "7EDE7C94-7E89-45E6-8A79-32E53D9139DB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "47A8E919-FAC0-4011-927F-599AA7688A32"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2001:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB5DA70B-2B2A-4D66-8D45-D37B0128DC01"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2002:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "47D66420-5D94-4757-BCDA-878628D83201"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3001:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "27280804-63DD-416E-98E1-D68827A8B25E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3002:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "135682EE-750C-40E5-B670-3413F75CA9BF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3101:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E138CC11-2FCF-49D6-A5D9-1640E6EB7DF8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3102:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A6D15126-6131-45DA-943B-3B5246C1DEE9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc100:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DF27593A-5B5D-42F8-8826-7B5AE71D0017"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc110:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B61166A9-71C0-4DAD-B12A-09E60BC2185A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc120:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "65650D52-CF29-4A80-B026-FFC758AEE209"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc200:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E09E6692-73D6-4EAE-902B-B1C04EA707C8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc210:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "74B4D132-7977-4137-A5E3-3730FE63CC3E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc300:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF7DC28E-0473-4D40-BF89-E90983070F72"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc310:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "58E64AEF-5493-40D8-B992-3E6BEA38AE08"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2201:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "66B67DA3-781D-47BA-941B-475DB4D8EDF6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2301:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "15AAA803-8D92-44A7-B199-8847F39DB9BE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc100:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F48421A9-58FC-4144-AE9F-9B82818EF62D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc110:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "41237B91-3778-48C7-BBDD-A56957390F61"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc120:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A4B056BA-73D9-4E1A-B865-838D3CEB47B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc190:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "84300143-1A0C-4172-BAC3-AFDAC85C7F2D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc200:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C45A355E-DEAD-49E7-8A3E-3D474525EB5D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc201:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF8B49FD-1F1C-42D6-B65A-839D0719F23C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc202:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0FAF9CE1-6489-4DF9-A559-803291CA2A4F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc210:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "94B7FBF4-57D3-4F15-B614-FF4A707F85D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc220:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E007CA7-E6E2-4391-9889-9029C8EDEC1F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc221:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3A5A03CC-A585-4DD1-B6DD-7B126E3D616D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc230:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A387DDE-C053-45A1-BE44-E643CAB35B51"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc232:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "50B76F15-9FE3-41C1-80A8-68CAAEBB6D71"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en" ,
"source" : "psirt@huawei.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
}
]
}
