CVE-2021-22410 — MEDIUM (5.4)

Vulnerability Description

There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Imaster Nce-Fabric Firmware	v100r019c10
Huawei	Imaster Nce-Fabric	-

Related Weaknesses (CWE)

CWE-79

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-enVendor Advisory

FAQ

What is CVE-2021-22410?

CVE-2021-22410 is a vulnerability with a CVSS score of 5.4 (MEDIUM). There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input aft...

How severe is CVE-2021-22410?

CVE-2021-22410 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22410?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Imaster Nce-Fabric Firmware, Huawei Imaster Nce-Fabric.