Lucene search

K
cve[email protected]CVE-2021-22332
HistoryApr 28, 2021 - 1:15 p.m.

CVE-2021-22332

2021-04-2813:15:08
CWE-415
web.nvd.nist.gov
22
4
cve-2021-22332
cloudengine
pointer double free
vulnerability
nvd
security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.

Affected configurations

NVD
Node
huaweicloudengine_12800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_12800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_12800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_12800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_12800Match-
Node
huaweicloudengine_5800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_5800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_5800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_5800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_5800Match-
Node
huaweicloudengine_6800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_6800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_6800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_6800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_6800Match-
Node
huaweicloudengine_7800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_7800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_7800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_7800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_7800Match-

CNA Affected

[
  {
    "product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800"
      }
    ]
  }
]

Social References

More

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

Related for CVE-2021-22332