CVE-2021-22293

Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
HTTP Request/Response Smuggling
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
huaweimanageone
6.5.1.1
huaweimanageone
6.5.1.1:rc1
huaweimanageone
6.5.1.1:rc2
huaweimanageone
6.5.1.1:spc100
huaweimanageone
6.5.1.1:spc200
huaweimanageone
8.0.0:rc2
huaweitaurus-al00a_firmware
10.0.0.1\(c00e1r1p1\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en