CVE-2021-22293

Опубликовано: 06 фев. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:huawei:campusinsight:v100r019c10:*:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:6.5.1.1:-:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:6.5.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:6.5.1.1:spc100:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*

cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\(c00e1r1p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-pxp2-gjpv-xjrc

github

больше 3 лет назад