Lucene search

K
cve[email protected]CVE-2021-37129
HistoryOct 27, 2021 - 1:15 a.m.

CVE-2021-37129

2021-10-2701:15:07
CWE-787
web.nvd.nist.gov
30
cve-2021-37129
vulnerability
out of bounds write
huawei
nvd
denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.0%

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

Affected configurations

NVD
Node
huaweiips_module_firmwareMatchv500r005c00
OR
huaweiips_module_firmwareMatchv500r005c20
AND
huaweiips_moduleMatch-
Node
huaweingfw_module_firmwareMatchv500r005c00
AND
huaweingfw_moduleMatch-
Node
huaweinip6600_firmwareMatchv500r005c00
OR
huaweinip6600_firmwareMatchv500r005c20
AND
huaweinip6600Match-
Node
huaweis12700_firmwareMatchv200r010c00spc600
OR
huaweis12700_firmwareMatchv200r011c10spc500
OR
huaweis12700_firmwareMatchv200r011c10spc600
OR
huaweis12700_firmwareMatchv200r013c00spc500
OR
huaweis12700_firmwareMatchv200r019c00spc200
OR
huaweis12700_firmwareMatchv200r019c00spc500
OR
huaweis12700_firmwareMatchv200r019c10spc200
OR
huaweis12700_firmwareMatchv200r020c00
OR
huaweis12700_firmwareMatchv200r020c10
AND
huaweis12700Match-
Node
huaweis1700_firmwareMatchv200r010c00spc600
OR
huaweis1700_firmwareMatchv200r011c10spc500
OR
huaweis1700_firmwareMatchv200r011c10spc600
AND
huaweis1700Match-
Node
huaweis2700_firmwareMatchv200r010c00spc600
OR
huaweis2700_firmwareMatchv200r011c10spc500
OR
huaweis2700_firmwareMatchv200r011c10spc600
AND
huaweis2700Match-
Node
huaweis5700_firmwareMatchv200r010c00spc600
OR
huaweis5700_firmwareMatchv200r010c00spc700
OR
huaweis5700_firmwareMatchv200r011c10spc500
OR
huaweis5700_firmwareMatchv200r011c10spc600
OR
huaweis5700_firmwareMatchv200r019c00spc500
AND
huaweis5700Match-
Node
huaweis6700_firmwareMatchv200r010c00spc600
OR
huaweis6700_firmwareMatchv200r011c10spc500
OR
huaweis6700_firmwareMatchv200r011c10spc600
AND
huaweis6700Match-
Node
huaweis7700_firmwareMatchv200r010c00spc600
OR
huaweis7700_firmwareMatchv200r010c00spc700
OR
huaweis7700_firmwareMatchv200r011c10spc500
OR
huaweis7700_firmwareMatchv200r011c10spc600
AND
huaweis7700Match-
Node
huaweis9700_firmwareMatchv200r010c00spc600
OR
huaweis9700_firmwareMatchv200r011c10spc500
OR
huaweis9700_firmwareMatchv200r011c10spc600
AND
huaweis9700Match-
Node
huaweiusg9500_firmwareMatchv500r005c00
OR
huaweiusg9500_firmwareMatchv500r005c20
AND
huaweiusg9500Match-

CNA Affected

[
  {
    "product": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R005C00,V500R005C20"
      },
      {
        "status": "affected",
        "version": "V500R005C00"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
      }
    ]
  }
]

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.0%

Related for CVE-2021-37129