What is CVE-2021-37127?

CVE-2021-37127 is a high-severity vulnerability in Huawei Imanager_neteco, classified under Improper Verification of Cryptographic Signature. CVSS score: 7.2/10. Published 2021-10-27.

How severe is CVE-2021-37127?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Huawei Imanager_neteco

CVE-2021-37127

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file o…

EPSS: 0.007 (48.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Huawei Imanager_neteco
Huawei Imanager_neteco_6000
Huawei Imanager_neteco_6000_firmware — versions v600r010c00cp2001, v600r010c00cp2002, v600r010c00spc100
Huawei Imanager_neteco_firmware — versions v600r009c00spc100, v600r009c00spc110, v600r009c00spc120
N/a Imanager Neteco;imanager Neteco 6000 — versions V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300, V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

psirt@huawei.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-37127?: CVE-2021-37127 is a high-severity vulnerability in Huawei Imanager_neteco, classified under Improper Verification of Cryptographic Signature. CVSS score: 7.2/10. Published 2021-10-27.
How severe is CVE-2021-37127?: High severity. CVSS v3 base score is 7.2 out of 10.