{"api_version":"1","generated_at":"2026-04-23T11:34:59+00:00","cve":"CVE-2021-39976","urls":{"html":"https://cve.report/CVE-2021-39976","api":"https://cve.report/api/cve/CVE-2021-39976.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-39976","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-39976"},"summary":{"title":"CVE-2021-39976","description":"There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2021-11-23 15:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en","refsource":"MISC","tags":[],"title":"Security Advisory - Privilege Escalation Vulnerability in Huawei Product","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-39976","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39976","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"39976","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"cloudengine_5800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"39976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"cloudengine_5800_firmware","cpe6":"v200r020c00spc600","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-39976","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"CloudEngine 5800","version":{"version_data":[{"version_value":"V200R020C00SPC600"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Privilege Escalation"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en"}]},"description":{"description_data":[{"lang":"eng","value":"There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege."}]}},"nvd":{"publishedDate":"2021-11-23 15:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r020c00spc600:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"39976","Ordinal":"215682","Title":"CVE-2021-39976","CVE":"CVE-2021-39976","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"39976","Ordinal":"1","NoteData":"There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"39976","Ordinal":"2","NoteData":"2021-11-23","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"39976","Ordinal":"3","NoteData":"2021-11-23","Type":"Other","Title":"Modified"}]}}}