CVE-2021-22293 — HIGH (7.5)

Vulnerability Description

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Campusinsight	v100r019c10
Huawei	Manageone	6.5.1.1
Huawei	Taurus-Al00A Firmware	10.0.0.1\(c00e1r1p1\)
Huawei	Taurus-Al00A	-

Related Weaknesses (CWE)

CWE-444

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-eVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-eVendor Advisory

FAQ

What is CVE-2021-22293?

CVE-2021-22293 is a vulnerability with a CVSS score of 7.5 (HIGH). Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusIn...

How severe is CVE-2021-22293?

CVE-2021-22293 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22293?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Campusinsight, Huawei Manageone, Huawei Taurus-Al00A Firmware, Huawei Taurus-Al00A.