Manageone
CVE-2021-22340
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
AnalysisAI
There is a multiple threads race condition vulnerability in Huawei product. Rated medium severity (CVSS 4.1). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-362. There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931 Affected products include: Huawei Manageone, Huawei Smc2.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that t
There is a local privilege escalation vulnerability in some versions of ManageOne. Rated high severity (CVSS 7.8), this
There is a local privilege escalation vulnerability in some Huawei products. Rated high severity (CVSS 7.8), this vulner
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Rated high severity (CVSS 7.5),
Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insuffici
There is an improper permission assignment vulnerability in Huawei ManageOne product. Rated high severity (CVSS 7.2), th
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. Rated medium severity (CV
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. Rated medium severity (CVSS 6.7), this vulnerab
There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 6.5), this vulnera
There is a logic vulnerability in Huawei Gauss100 OLTP Product. Rated medium severity (CVSS 6.5), this vulnerability is
There is a denial of service vulnerability in some versions of ManageOne. Rated medium severity (CVSS 5.3), this vulnera
Same weakness CWE-362 – Race Condition
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today