CVE-2021-22299
📋 TL;DR
This is a local privilege escalation vulnerability in Huawei ManageOne, NFV_FusionSphere, SMC2.0, and iMaster MAE-M products. An authenticated local attacker can execute crafted commands to gain higher privileges on affected systems. The vulnerability affects specific versions of these Huawei enterprise products.
💻 Affected Systems
- Huawei ManageOne
- Huawei NFV_FusionSphere
- Huawei SMC2.0
- Huawei iMaster MAE-M
📦 What is this software?
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Manageone by Huawei
Network Functions Virtualization Fusionsphere by Huawei
View all CVEs affecting Network Functions Virtualization Fusionsphere →
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains root/administrator privileges, enabling complete system compromise, data theft, lateral movement, and persistence.
Likely Case
Malicious insider or compromised low-privilege account escalates to administrative privileges for unauthorized access and control.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems with minimal data exposure.
🎯 Exploit Status
Exploitation requires authenticated access and specific command crafting. No public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to versions beyond those listed in affected versions. Contact Huawei for specific patched versions.
Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en
Restart Required: Yes
Instructions:
1. Check current version using Huawei product management interface. 2. Download appropriate patches from Huawei support portal. 3. Apply patches following Huawei's update procedures. 4. Restart affected services/systems as required.
🔧 Temporary Workarounds
Restrict Local Access
linuxLimit local shell/command access to trusted administrators only.
# Configure access controls via Huawei management interface
# Use role-based access control to restrict command execution
Monitor Command Execution
linuxImplement auditing of privileged command execution on affected systems.
# Configure auditd or Huawei monitoring tools
# Set up alerts for unusual privilege escalation attempts
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all user accounts.
- Deploy host-based intrusion detection and monitor for privilege escalation attempts.
🔍 How to Verify
Check if Vulnerable:
Check Huawei product version against affected version list in vendor advisory.Check Version:
# Use Huawei product-specific CLI or web interface to check versionVerify Fix Applied:
Verify version is updated beyond affected versions and test privilege escalation attempts fail.📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Suspicious command execution by non-admin users
- Failed authentication attempts followed by successful privilege changes
Network Indicators:
- N/A - Local vulnerability
SIEM Query:
source="huawei_product" AND (event_type="privilege_escalation" OR command="sudo" OR command="su")