CVE-2021-37105

7.5 HIGH

📋 TL;DR

CVE-2021-37105 is an improper file upload vulnerability in Huawei FusionCompute virtualization software. Attackers can upload malicious files without proper validation, potentially causing service disruption. This affects organizations running vulnerable versions of FusionCompute.

💻 Affected Systems

Products:
  • Huawei FusionCompute
Versions: 6.5.0, 6.5.1, 8.0.0
Operating Systems: Not specified - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the file upload functionality in the management interface

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the FusionCompute platform, potentially affecting all virtualized workloads and management functions.

🟠 Likely Case

Service instability or denial of service through malicious file uploads, impacting virtualization management capabilities.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting upload functionality to authorized users only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the file upload functionality, but specific authentication requirements are not detailed in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond those listed in affected systems

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-upload-en

Restart Required: Yes

Instructions:

1. Check current FusionCompute version.
2. Download appropriate patch from Huawei support portal.
3. Apply patch following Huawei's update procedures.
4. Restart affected services or system as required.

🔧 Temporary Workarounds

Restrict File Upload Access

Limit network access to FusionCompute management interface and file upload functionality

Implement File Upload Validation

Add additional file type and content validation at network perimeter or reverse proxy

🧯 If You Can't Patch

  • Isolate FusionCompute management interface to trusted networks only
  • Implement strict access controls and monitoring for file upload activities

🔍 How to Verify

Check if Vulnerable:

Check the FusionCompute version via the management interface or CLI. If the version is 6.5.0, 6.5.1, or 8.0.0, the system is vulnerable.

Check Version:

Specific command varies by deployment - typically available through FusionCompute management interface or vendor-provided CLI tools

Verify Fix Applied:

Verify that the version has been updated beyond the affected versions, and test file upload functionality with controlled test files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities
  • Multiple failed upload attempts
  • Uploads of unexpected file types

Network Indicators:

  • Unusual traffic patterns to file upload endpoints
  • Multiple upload requests from single source

SIEM Query:

source="fusioncompute" AND (event="file_upload" OR url_path="*upload*") AND (file_type!="expected_type" OR size>threshold)
