CVE-2021-22361
HIGHHuawei eCNS280 and eSE620X vESS - Improper Authorization Leading to Privilege Escalation
Title source: llmDescription
There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-cgp-en
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
8.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
huawei/ecns280_firmware
v100r005c00
huawei/ecns280_firmware
v100r005c10
huawei/ese620x_vess_firmware
v100r001c10spc200
huawei/ese620x_vess_firmware
v100r001c20spc200
Published
Jun 22, 2021
Tracked Since
Feb 18, 2026