Lucene search

K
cve[email protected]CVE-2021-22332
HistoryApr 28, 2021 - 1:15 p.m.

CVE-2021-22332

2021-04-2813:15:08
CWE-415
web.nvd.nist.gov
22
4
cve-2021-22332
cloudengine
pointer double free
vulnerability
nvd
security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.5%

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.

Affected configurations

NVD
Node
huaweicloudengine_12800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_12800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_12800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_12800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_12800Match-
Node
huaweicloudengine_5800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_5800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_5800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_5800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_5800Match-
Node
huaweicloudengine_6800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_6800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_6800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_6800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_6800Match-
Node
huaweicloudengine_7800_firmwareMatchv200r002c50spc800
OR
huaweicloudengine_7800_firmwareMatchv200r003c00spc810
OR
huaweicloudengine_7800_firmwareMatchv200r005c00spc800
OR
huaweicloudengine_7800_firmwareMatchv200r005c10spc800
AND
huaweicloudengine_7800Match-

CNA Affected

[
  {
    "product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.5%

Related for CVE-2021-22332