Lucene search

K
cve[email protected]CVE-2021-37122
HistoryOct 27, 2021 - 1:15 a.m.

CVE-2021-37122

2021-10-2701:15:07
CWE-416
web.nvd.nist.gov
31
huawei
use-after-free
uaf
vulnerability
exploitation
service disruption
cloudengine 12800
cloudengine 5800
cloudengine 6800
cloudengine 7800
nvd
cve-2021-37122

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

20.2%

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.

Affected configurations

NVD
Node
huaweicloudengine_12800Match-
AND
huaweicloudengine_12800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_12800_firmwareMatchv200r019c00spc800
Node
huaweicloudengine_5800Match-
AND
huaweicloudengine_5800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_5800_firmwareMatchv200r019c00spc800
Node
huaweicloudengine_6800Match-
AND
huaweicloudengine_6800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_6800_firmwareMatchv200r005c20spc800
OR
huaweicloudengine_6800_firmwareMatchv200r019c00spc800
Node
huaweicloudengine_7800Match-
AND
huaweicloudengine_7800_firmwareMatchv200r005c10spc800
OR
huaweicloudengine_7800_firmwareMatchv200r019c00spc800

CNA Affected

[
  {
    "product": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V200R005C10SPC800,V200R019C00SPC800"
      },
      {
        "status": "affected",
        "version": "V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

20.2%

Related for CVE-2021-37122