Lucene search

Huawei TechnologiesHUAWEI-SA-20210506-02-OUTOFBOUNDS

HistoryMay 06, 2021 - 12:00 a.m.

Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products

2021-05-0600:00:00

Huawei Technologies

www.huawei.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

28.6%

JSON

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module. (Vulnerability ID: HWPSIRT-2020-17416)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22411.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-02-outofbounds-en>

Affected configurations

Vulners

Node

huaweingfw_moduleMatchV500R005C00SPC100

huaweingfw_moduleMatchV500R005C00SPC200

huaweisecospace_usg6300MatchV500R001C30SPC200

huaweisecospace_usg6300MatchV500R001C30SPC600

huaweisecospace_usg6300MatchV500R001C60SPC500

huaweisecospace_usg6300MatchV500R005C00SPC100

huaweisecospace_usg6300MatchV500R005C00SPC200

huaweisecospace_usg6500MatchV500R001C30SPC200

huaweisecospace_usg6500MatchV500R001C30SPC600

huaweisecospace_usg6500MatchV500R001C60SPC500

huaweisecospace_usg6500MatchV500R005C00SPC100

huaweisecospace_usg6500MatchV500R005C00SPC200

huaweisecospace_usg6600MatchV500R001C30SPC200

huaweisecospace_usg6600MatchV500R001C30SPC600

huaweisecospace_usg6600MatchV500R001C60SPC500

huaweisecospace_usg6600MatchV500R005C00SPC100

huaweisecospace_usg6600MatchV500R005C00SPC200

huaweiusg9500MatchV500R001C60SPC500

huaweiusg9500MatchV500R005C00SPC100

huaweiusg9500MatchV500R005C00SPC200

CPENameOperatorVersion
ngfw moduleeqV500R005C00SPC100
ngfw moduleeqV500R005C00SPC200
secospace usg6300eqV500R001C30SPC200
secospace usg6300eqV500R001C30SPC600
secospace usg6300eqV500R001C60SPC500
secospace usg6300eqV500R005C00SPC100
secospace usg6300eqV500R005C00SPC200
secospace usg6500eqV500R001C30SPC200
secospace usg6500eqV500R001C30SPC600
secospace usg6500eqV500R001C60SPC500

Name	Operator	Version
ngfw module	eq	V500R005C00SPC100
ngfw module	eq	V500R005C00SPC200
secospace usg6300	eq	V500R001C30SPC200
secospace usg6300	eq	V500R001C30SPC600
secospace usg6300	eq	V500R001C60SPC500
secospace usg6300	eq	V500R005C00SPC100
secospace usg6300	eq	V500R005C00SPC200
secospace usg6500	eq	V500R001C30SPC200
secospace usg6500	eq	V500R001C30SPC600
secospace usg6500	eq	V500R001C60SPC500

Rows per page:

1-10 of 201

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for HUAWEI-SA-20210506-02-OUTOFBOUNDS