Lucene search

K
cve[email protected]CVE-2021-37129
HistoryOct 27, 2021 - 1:15 a.m.

CVE-2021-37129

2021-10-2701:15:07
CWE-787
web.nvd.nist.gov
30
cve-2021-37129
vulnerability
out of bounds write
huawei
nvd
denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.9%

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

Affected configurations

NVD
Node
huaweiips_module_firmwareMatchv500r005c00
OR
huaweiips_module_firmwareMatchv500r005c20
AND
huaweiips_moduleMatch-
Node
huaweingfw_module_firmwareMatchv500r005c00
AND
huaweingfw_moduleMatch-
Node
huaweinip6600_firmwareMatchv500r005c00
OR
huaweinip6600_firmwareMatchv500r005c20
AND
huaweinip6600Match-
Node
huaweis12700_firmwareMatchv200r010c00spc600
OR
huaweis12700_firmwareMatchv200r011c10spc500
OR
huaweis12700_firmwareMatchv200r011c10spc600
OR
huaweis12700_firmwareMatchv200r013c00spc500
OR
huaweis12700_firmwareMatchv200r019c00spc200
OR
huaweis12700_firmwareMatchv200r019c00spc500
OR
huaweis12700_firmwareMatchv200r019c10spc200
OR
huaweis12700_firmwareMatchv200r020c00
OR
huaweis12700_firmwareMatchv200r020c10
AND
huaweis12700Match-
Node
huaweis1700_firmwareMatchv200r010c00spc600
OR
huaweis1700_firmwareMatchv200r011c10spc500
OR
huaweis1700_firmwareMatchv200r011c10spc600
AND
huaweis1700Match-
Node
huaweis2700_firmwareMatchv200r010c00spc600
OR
huaweis2700_firmwareMatchv200r011c10spc500
OR
huaweis2700_firmwareMatchv200r011c10spc600
AND
huaweis2700Match-
Node
huaweis5700_firmwareMatchv200r010c00spc600
OR
huaweis5700_firmwareMatchv200r010c00spc700
OR
huaweis5700_firmwareMatchv200r011c10spc500
OR
huaweis5700_firmwareMatchv200r011c10spc600
OR
huaweis5700_firmwareMatchv200r019c00spc500
AND
huaweis5700Match-
Node
huaweis6700_firmwareMatchv200r010c00spc600
OR
huaweis6700_firmwareMatchv200r011c10spc500
OR
huaweis6700_firmwareMatchv200r011c10spc600
AND
huaweis6700Match-
Node
huaweis7700_firmwareMatchv200r010c00spc600
OR
huaweis7700_firmwareMatchv200r010c00spc700
OR
huaweis7700_firmwareMatchv200r011c10spc500
OR
huaweis7700_firmwareMatchv200r011c10spc600
AND
huaweis7700Match-
Node
huaweis9700_firmwareMatchv200r010c00spc600
OR
huaweis9700_firmwareMatchv200r011c10spc500
OR
huaweis9700_firmwareMatchv200r011c10spc600
AND
huaweis9700Match-
Node
huaweiusg9500_firmwareMatchv500r005c00
OR
huaweiusg9500_firmwareMatchv500r005c20
AND
huaweiusg9500Match-

CNA Affected

[
  {
    "product": "IIPS Module;NGFW Module;NIP6600;S12700;S1700;S2700;S5700;S6700;S7700;S9700;USG9500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R005C00,V500R005C20"
      },
      {
        "status": "affected",
        "version": "V500R005C00"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500"
      },
      {
        "status": "affected",
        "version": "V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.9%

Related for CVE-2021-37129