CVE-2021-22439

Опубликовано: 29 июн. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210619-01-injection-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210619-01-injection-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:anyoffice:v200r006c10:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-mv3h-rm7m-83qx

github

больше 3 лет назад

BDU:2021-03579