What is CVE-2021-37131?

CVE-2021-37131 is a medium-severity vulnerability in Huawei Imanager_neteco, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 6.8/10. Published 2021-10-27.

How severe is CVE-2021-37131?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Huawei Imanager_neteco

CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input valida…

EPSS: 0.006 (42.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H.

Affected products

Huawei Imanager_neteco — versions v600r010c00cp2001, v600r010c00cp2002, v600r010c00cp3001
Huawei Imanager_neteco_6000 — versions v600r009c00cp2201, v600r009c00cp2301, v600r009c00spc100
Huawei Manageone — versions 6.5.1, 6.5.1.1, 8.0.0
N/a Manageone;imanager Neteco;imanager Neteco 6000 — versions 6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC1.B070,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B090,8.0.0,8.0.0-LCN080,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3, V600R010C00CP2001,V600R010C00CP2002,V600R010C00CP3001,V600R010C00CP3002,V600R010C00CP3101,V600R010C00CP3102,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300,V600R010C00SPC310, V600R009C00CP2201,V600R009C00CP2301,V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210,V600R009C00SPC220,V600R009C00SPC221,V600R009C00SPC230,V600R009C00SPC232

Weakness classification (CWE)

CWE-1236 — Improper Neutralization of Formula Elements in a CSV File

References

psirt@huawei.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-37131?: CVE-2021-37131 is a medium-severity vulnerability in Huawei Imanager_neteco, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 6.8/10. Published 2021-10-27.
How severe is CVE-2021-37131?: Medium severity. CVSS v3 base score is 6.8 out of 10.