CVE-2021-22449

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:huawei:elf-g10hn:1.0.0.608:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-23 20:15

Updated : 2022-07-12 17:42

NVD link : CVE-2021-22449

Mitre link : CVE-2021-22449

CVE.ORG link : CVE-2021-22449

JSON object : View

Products Affected

huawei

elf-g10hn

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-22449", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-23T20:15:14.243", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device."}, {"lang": "es", "value": "Se presenta una vulnerabilidad l\u00f3gica en Elf-G10HN versi\u00f3n 1.0.0.608. Un atacante no autenticado podr\u00eda llevar a cabo operaciones espec\u00edficas para explotar esta vulnerabilidad. Debido a un dise\u00f1o de seguridad insuficiente, una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante a\u00f1adir usuarios para ser amigos sin preguntar en el dispositivo de destino."}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:elf-g10hn:1.0.0.608:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93017CA5-C0DF-41D1-BD91-F3E803E99BFE"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}