Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-22356
HistoryNov 23, 2021 - 4:15 p.m.

CVE-2021-22356

2021-11-2316:15:08
CWE-327
[email protected]
web.nvd.nist.gov
19
cve-2021-22356
huawei
weak secure algorithm
vulnerability
information leak
ips module
ngfw module
secospace usg
usg6300
usg6500
usg6600
usg9500
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.

Affected configurations

NVD
Node
huaweiips_module_firmwareMatchv500r005c00spc100
OR
huaweiips_module_firmwareMatchv500r005c00spc200
AND
huaweiips_moduleMatch-
Node
huaweingfw_module_firmwareMatchv500r005c00spc100
OR
huaweingfw_module_firmwareMatchv500r005c00spc200
AND
huaweingfw_moduleMatch-
Node
huaweisecospace_usg6300_firmwareMatchv500r001c30spc200
OR
huaweisecospace_usg6300_firmwareMatchv500r001c30spc600
OR
huaweisecospace_usg6300_firmwareMatchv500r001c60spc500
OR
huaweisecospace_usg6300_firmwareMatchv500r005c00spc100
OR
huaweisecospace_usg6300_firmwareMatchv500r005c00spc200
AND
huaweisecospace_usg6300Match-
Node
huaweisecospace_usg6500_firmwareMatchv500r001c30spc200
OR
huaweisecospace_usg6500_firmwareMatchv500r001c30spc600
OR
huaweisecospace_usg6500_firmwareMatchv500r001c60spc500
OR
huaweisecospace_usg6500_firmwareMatchv500r005c00spc100
OR
huaweisecospace_usg6500_firmwareMatchv500r005c00spc200
AND
huaweisecospace_usg6500Match-
Node
huaweisecospace_usg6600_firmwareMatchv500r001c30spc200
OR
huaweisecospace_usg6600_firmwareMatchv500r001c30spc600
OR
huaweisecospace_usg6600_firmwareMatchv500r001c60spc500
OR
huaweisecospace_usg6600_firmwareMatchv500r005c00spc100
OR
huaweisecospace_usg6600_firmwareMatchv500r005c00spc200
AND
huaweisecospace_usg6600Match-
Node
huaweiusg9500_firmwareMatchv500r001c30spc200
OR
huaweiusg9500_firmwareMatchv500r001c30spc600
OR
huaweiusg9500_firmwareMatchv500r001c60spc500
OR
huaweiusg9500_firmwareMatchv500r005c00spc100
OR
huaweiusg9500_firmwareMatchv500r005c00spc200
AND
huaweiusg9500Match-

CNA Affected

[
  {
    "product": "IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R005C00SPC100,V500R005C00SPC200"
      },
      {
        "status": "affected",
        "version": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200"
      }
    ]
  }
]

Related

nvd 1
cnvd 1
huawei 1
prion 1
cvelist 1
openvas 1
nvd
nvd
CVE-2021-22356
2021-11-23 16:15:08
cnvd
cnvd
Multiple Huawei products weak security algorithm vulnerabilities
2021-11-22 00:00:00
huawei
huawei
Security Advisory - Weak Secure Algorithm Vulnerability in Huawei Product
2021-05-12 00:00:00
prion
prion
Code injection
2021-11-23 16:15:00
cvelist
cvelist
CVE-2021-22356
2021-11-23 15:05:21
openvas
openvas
Huawei Data Communication: Weak Secure Algorithm Vulnerability in Huawei Product (huawei-sa-20210512-01-infomationleak)
2021-11-24 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON
Related for CVE-2021-22356
nvd1cnvd1huawei1prion1cvelist1openvas1