Lucene search

[email protected]CVE-2021-22321

HistoryMar 22, 2021 - 8:15 p.m.

CVE-2021-22321

2021-03-2220:15:00

CWE-416

[email protected]

web.nvd.nist.gov

huawei

product vulnerability

use-after-free

memory

nip6300

nip6600

nip6800

s1700

s2700

s5700

s6700

s7700

s9700

secospace usg6300

secospace usg6500

secospace usg6600

usg9500

nvd

cve-2021-22321

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.6%

JSON

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

CPENameOperatorVersion
huawei:nip6300_firmwarehuawei nip6300 firmwareeqv500r001c30
huawei:nip6300_firmwarehuawei nip6300 firmwareeqv500r001c60
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c30
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r001c60
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r007c01
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r007c01b102
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r008c00
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r010c00
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r010c00spc300
huawei:s12700_firmwarehuawei s12700 firmwareeqv200r011c00

CPE	Name	Operator	Version
huawei:nip6300_firmware	huawei nip6300 firmware	eq	v500r001c30
huawei:nip6300_firmware	huawei nip6300 firmware	eq	v500r001c60
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c30
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r001c60
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r007c01
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r007c01b102
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r008c00
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r010c00
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r010c00spc300
huawei:s12700_firmware	huawei s12700 firmware	eq	v200r011c00

Rows per page:

1-10 of 611

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en

Social References

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for CVE-2021-22321

openvas1 prion1 huawei1