Lucene search

[email protected]CVE-2021-22309

HistoryMar 22, 2021 - 6:15 p.m.

CVE-2021-22309

2021-03-2218:15:00

CWE-330

[email protected]

web.nvd.nist.gov

cve-2021-22309

insecure algorithm

huawei products

vulnerability

brute forcing

information leak

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

CPENameOperatorVersion
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r001c30spc200
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r001c60spc500
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r005c00spc200
huawei:usg9520_firmwarehuawei usg9520 firmwareeqv500r005c00
huawei:usg9560_firmwarehuawei usg9560 firmwareeqv500r005c00
huawei:usg9580_firmwarehuawei usg9580 firmwareeqv500r005c00

CPE	Name	Operator	Version
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r001c30spc200
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r001c60spc500
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r005c00spc200
huawei:usg9520_firmware	huawei usg9520 firmware	eq	v500r005c00
huawei:usg9560_firmware	huawei usg9560 firmware	eq	v500r005c00
huawei:usg9580_firmware	huawei usg9580 firmware	eq	v500r005c00

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210202-01-fw-en

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for CVE-2021-22309

huawei1 prion1 openvas1