Lucene search

[email protected]CVE-2021-22320

HistoryMar 22, 2021 - 7:15 p.m.

CVE-2021-22320

2021-03-2219:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-22320

denial of service

huawei

ips module

ngfw module

nip6600

nip6800

secospace usg6300

secospace usg6500

secospace usg6600

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.6%

JSON

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.

CPENameOperatorVersion
huawei:ips_module_firmwarehuawei ips module firmwareeqv500r005c00spc100
huawei:ips_module_firmwarehuawei ips module firmwareeqv500r005c00spc200
huawei:ips_module_firmwarehuawei ips module firmwareeqv500r005c20spc300
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00spc100
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00spc200
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c20spc300
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c30spc200
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c30spc600
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c60spc500
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r005c00spc100

CPE	Name	Operator	Version
huawei:ips_module_firmware	huawei ips module firmware	eq	v500r005c00spc100
huawei:ips_module_firmware	huawei ips module firmware	eq	v500r005c00spc200
huawei:ips_module_firmware	huawei ips module firmware	eq	v500r005c20spc300
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00spc100
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00spc200
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c20spc300
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c30spc200
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c30spc600
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c60spc500
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r005c00spc100

Rows per page:

1-10 of 391

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-03-dos-en

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for CVE-2021-22320

prion1 huawei1 openvas1