CVE-2021-22314

7.8 HIGH

📋 TL;DR

CVE-2021-22314 is a local privilege escalation vulnerability in Huawei ManageOne products. An authenticated local attacker can exploit this vulnerability to gain elevated privileges and potentially compromise the service. This affects organizations using vulnerable versions of Huawei ManageOne.

💻 Affected Systems

Products:

• Huawei ManageOne

Versions: Versions earlier than ManageOne 8.0.1.1

Operating Systems: Linux-based Huawei operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects ManageOne products; requires local authenticated access to the system.

📦 What is this software?

Manageone by Huawei

View all CVEs affecting Manageone →

Manageone by Huawei

View all CVEs affecting Manageone →

Manageone by Huawei

View all CVEs affecting Manageone →

Manageone by Huawei

View all CVEs affecting Manageone →

Manageone by Huawei

View all CVEs affecting Manageone →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full administrative control over ManageOne system, potentially compromising all managed infrastructure and services.

🟠

Likely Case

Attacker escalates from limited user to administrative privileges, enabling configuration changes, data access, and further system compromise.

🟢

If Mitigated

With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.

🌐 Internet-Facing: LOW (requires local authenticated access, not directly exploitable over network)

🏢 Internal Only: HIGH (local authenticated attackers within the organization can exploit this for privilege escalation)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local authenticated access and specific operations as described in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ManageOne 8.0.1.1 or later

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en

Restart Required: Yes

Instructions:

1. Download ManageOne 8.0.1.1 or later from Huawei support portal. 2. Backup current configuration and data. 3. Apply the update following Huawei's upgrade documentation. 4. Restart the ManageOne services as required.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local user accounts and implement strict access controls to reduce attack surface.

Enhanced Monitoring

all

Implement enhanced logging and monitoring for privilege escalation attempts.

🧯 If You Can't Patch

• Implement strict principle of least privilege for all local user accounts
• Deploy host-based intrusion detection systems to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check ManageOne version via web interface or CLI; versions earlier than 8.0.1.1 are vulnerable.

Check Version:

Copy

Check via ManageOne web interface or consult Huawei documentation for version verification commands.

Verify Fix Applied:

Copy

Verify ManageOne version is 8.0.1.1 or later and check that no unauthorized privilege escalation has occurred.

📡 Detection & Monitoring

Log Indicators:

• Unusual privilege escalation events
• Unauthorized access to administrative functions
• Changes to user privilege levels

Network Indicators:

• Not applicable - local vulnerability

SIEM Query:

Copy

Search for events where local user privileges are escalated unexpectedly or administrative functions are accessed by non-admin users.

📊 Metadata

CVE ID: CVE-2021-22314

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: March 22, 2021

Last Updated: November 21, 2024

🔗 References

• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en Vendor Advisory
• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON