Lucene search

[email protected]CVE-2021-22312

HistoryApr 08, 2021 - 7:15 p.m.

CVE-2021-22312

2021-04-0819:15:00

CWE-401

[email protected]

web.nvd.nist.gov

huawei

memory leak

vulnerability

authenticated remote attacker

service abnormality

ips module

ngfw module

secospace usg6300

secospace usg6500

secospace usg6600

usg9500

cve-2021-22312

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.6%

JSON

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

CPENameOperatorVersion
huawei:ips_module_firmwarehuawei ips module firmwareeqv500r005c00spc100
huawei:ips_module_firmwarehuawei ips module firmwareeqv500r005c00spc200
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00spc100
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00spc200
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c30spc200
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c30spc600
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r001c60spc500
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r005c00spc100
huawei:secospace_usg6300_firmwarehuawei secospace usg6300 firmwareeqv500r005c00spc200
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c30spc200

CPE	Name	Operator	Version
huawei:ips_module_firmware	huawei ips module firmware	eq	v500r005c00spc100
huawei:ips_module_firmware	huawei ips module firmware	eq	v500r005c00spc200
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00spc100
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00spc200
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c30spc200
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c30spc600
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r001c60spc500
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r005c00spc100
huawei:secospace_usg6300_firmware	huawei secospace usg6300 firmware	eq	v500r005c00spc200
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c30spc200

Rows per page:

1-10 of 421

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.6%

JSON

Related for CVE-2021-22312

prion1 huawei1