Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20210526-02-OUTBOUNDS
HistoryMay 26, 2021 - 12:00 a.m.

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products

2021-05-2600:00:00
Huawei Technologies
www.huawei.com
30
out-of-bounds read
huawei
vulnerability id
cve-2021-22365
software updates

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0

Percentile

5.1%

JSON

There is an out of bounds read vulnerability in some Huawei products. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal. (Vulnerability ID: HWPSIRT-2020-50914)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22365.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-02-outbounds-en&gt;

Affected configurations

Vulners
Node
huaweiese620x_vess_firmwareMatchv100r001c10spc200
OR
huaweiese620x_vess_firmwareMatchv100r001c20spc200
OR
huaweiese620x_vess_firmwareMatchv200r001c00spc300
VendorProductVersionCPE
huaweiese620x_vess_firmwarev100r001c10spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev100r001c20spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev200r001c00spc300cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*

Related

cvelist 1
nvd 1
prion 1
cnvd 1
cve 1
cvelist
cvelist
CVE-2021-22365
2021-06-22 17:46:09
nvd
nvd
CVE-2021-22365
2021-06-22 18:15:08
prion
prion
Input validation
2021-06-22 18:15:00
cnvd
cnvd
Huawei ESE620X vESS Buffer Overflow Vulnerability (CNVD-2021-100796)
2021-06-01 00:00:00
cve
cve
CVE-2021-22365
2021-06-22 18:15:08

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0

Percentile

5.1%

JSON
Related for HUAWEI-SA-20210526-02-OUTBOUNDS
cvelist1nvd1prion1cnvd1cve1