{ "id": "CVE-2021-37131", "sourceIdentifier": "psirt@huawei.com", "published": "2021-10-27T01:15:07.863", "lastModified": "2021-10-29T01:26:41.697", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n CSV en ManageOne, iManager NetEco e iManager NetEco 6000. Un atacante con altos privilegios puede explotar esta vulnerabilidad mediante algunas operaciones para inyectar los archivos CSV. Debido a una comprobaci\u00f3n de entrada insuficiente de algunos par\u00e1metros, el atacante puede explotar esta vulnerabilidad para inyectar archivos CSV en el dispositivo de destino" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.8, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-1236" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b060:*:*:*:*:*:*", "matchCriteriaId": "24872541-A493-48BD-AA2C-7A976FF75F9D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc1.b070:*:*:*:*:*:*", "matchCriteriaId": "D962B0A1-0725-4A6F-99EB-E6E42F03243B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b020:*:*:*:*:*:*", "matchCriteriaId": "61EC963F-1160-43D4-B4E4-2CC2B209B4DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b030:*:*:*:*:*:*", "matchCriteriaId": "2B7820BE-0307-40F3-A7BD-66D5B8C7A0A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b040:*:*:*:*:*:*", "matchCriteriaId": "AD086E38-D1F5-4160-A7A2-12E681F686CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b050:*:*:*:*:*:*", "matchCriteriaId": "035E4DF1-4B17-448B-8A78-CD81F68D38CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b060:*:*:*:*:*:*", "matchCriteriaId": "DDDB5BDF-9760-4EE6-947D-A633B9CC0D36" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b070:*:*:*:*:*:*", "matchCriteriaId": "31787857-76F6-4E80-82B7-56B1C12B6628" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1:rc2.b090:*:*:*:*:*:*", "matchCriteriaId": "73901E08-8C24-46FB-A42D-6457630AA6DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b010:*:*:*:*:*:*", "matchCriteriaId": "463A4059-55EF-4862-B8AD-90DCAC0CC871" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*", "matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*", "matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*", "matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*", "matchCriteriaId": "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*", "matchCriteriaId": "698B071C-FC52-40CD-BBA7-53426051F504" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*", "matchCriteriaId": "F6461FE1-99CC-48E4-8134-F17D895511F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*", "matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*", "matchCriteriaId": "29FEC933-0E52-496B-A2B3-C84E65E5B430" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*", "matchCriteriaId": "16F30BF5-4510-4AC7-8B12-6D4126C2DC60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*", "matchCriteriaId": "37090D37-0CDF-464B-9509-4F465D20C8C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*", "matchCriteriaId": "83B2B033-F12C-487E-8245-3F5BBF59BBC1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*", "matchCriteriaId": "1ADF4433-A950-4A00-A4F7-12F766B4C947" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*", "matchCriteriaId": "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "EFA5EBB8-C174-4CF0-ADE6-15B62C10DD86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcn080:*:*:*:*:*:*", "matchCriteriaId": "EF638B61-21C2-4BCF-8EDA-549073776C96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:lcnd81:*:*:*:*:*:*", "matchCriteriaId": "E9090F1E-EF60-4E54-9885-7F6B1681DE9A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E51969-9D4D-4A58-BEBD-19F4BD64BC7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2A1E9FF8-C0A4-47A5-9738-4D0ADB35DAF6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.0:spc100:*:*:*:*:*:*", "matchCriteriaId": "7EDE7C94-7E89-45E6-8A79-32E53D9139DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:huawei:manageone:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47A8E919-FAC0-4011-927F-599AA7688A32" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2001:*:*:*:*:*:*:*", "matchCriteriaId": "DB5DA70B-2B2A-4D66-8D45-D37B0128DC01" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp2002:*:*:*:*:*:*:*", "matchCriteriaId": "47D66420-5D94-4757-BCDA-878628D83201" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3001:*:*:*:*:*:*:*", "matchCriteriaId": "27280804-63DD-416E-98E1-D68827A8B25E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3002:*:*:*:*:*:*:*", "matchCriteriaId": "135682EE-750C-40E5-B670-3413F75CA9BF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3101:*:*:*:*:*:*:*", "matchCriteriaId": "E138CC11-2FCF-49D6-A5D9-1640E6EB7DF8" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00cp3102:*:*:*:*:*:*:*", "matchCriteriaId": "A6D15126-6131-45DA-943B-3B5246C1DEE9" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc100:*:*:*:*:*:*:*", "matchCriteriaId": "DF27593A-5B5D-42F8-8826-7B5AE71D0017" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc110:*:*:*:*:*:*:*", "matchCriteriaId": "B61166A9-71C0-4DAD-B12A-09E60BC2185A" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc120:*:*:*:*:*:*:*", "matchCriteriaId": "65650D52-CF29-4A80-B026-FFC758AEE209" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "E09E6692-73D6-4EAE-902B-B1C04EA707C8" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc210:*:*:*:*:*:*:*", "matchCriteriaId": "74B4D132-7977-4137-A5E3-3730FE63CC3E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "FF7DC28E-0473-4D40-BF89-E90983070F72" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco:v600r010c00spc310:*:*:*:*:*:*:*", "matchCriteriaId": "58E64AEF-5493-40D8-B992-3E6BEA38AE08" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2201:*:*:*:*:*:*:*", "matchCriteriaId": "66B67DA3-781D-47BA-941B-475DB4D8EDF6" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00cp2301:*:*:*:*:*:*:*", "matchCriteriaId": "15AAA803-8D92-44A7-B199-8847F39DB9BE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc100:*:*:*:*:*:*:*", "matchCriteriaId": "F48421A9-58FC-4144-AE9F-9B82818EF62D" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc110:*:*:*:*:*:*:*", "matchCriteriaId": "41237B91-3778-48C7-BBDD-A56957390F61" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc120:*:*:*:*:*:*:*", "matchCriteriaId": "A4B056BA-73D9-4E1A-B865-838D3CEB47B6" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc190:*:*:*:*:*:*:*", "matchCriteriaId": "84300143-1A0C-4172-BAC3-AFDAC85C7F2D" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc200:*:*:*:*:*:*:*", "matchCriteriaId": "C45A355E-DEAD-49E7-8A3E-3D474525EB5D" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc201:*:*:*:*:*:*:*", "matchCriteriaId": "FF8B49FD-1F1C-42D6-B65A-839D0719F23C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc202:*:*:*:*:*:*:*", "matchCriteriaId": "0FAF9CE1-6489-4DF9-A559-803291CA2A4F" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc210:*:*:*:*:*:*:*", "matchCriteriaId": "94B7FBF4-57D3-4F15-B614-FF4A707F85D7" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc220:*:*:*:*:*:*:*", "matchCriteriaId": "9E007CA7-E6E2-4391-9889-9029C8EDEC1F" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc221:*:*:*:*:*:*:*", "matchCriteriaId": "3A5A03CC-A585-4DD1-B6DD-7B126E3D616D" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc230:*:*:*:*:*:*:*", "matchCriteriaId": "0A387DDE-C053-45A1-BE44-E643CAB35B51" }, { "vulnerable": true, "criteria": "cpe:2.3:h:huawei:imanager_neteco_6000:v600r009c00spc232:*:*:*:*:*:*:*", "matchCriteriaId": "50B76F15-9FE3-41C1-80A8-68CAAEBB6D71" } ] } ] } ], "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en", "source": "psirt@huawei.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }