Vulnerability CVE-2021-22358

Vulnerability CVE-2021-22358

Published: 2021-05-27

Description:

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4/10	2.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Huawei -> Fusioncompute

References:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-01-inputvalidate-en

Copyright 2024, cxsecurity.com