Huawei TechnologiesHUAWEI-SA-20210602-01-CGPSecurity Advisory - Race Condition Vulnerability in Some Huawei Products
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.0%
There is a race condition vulnerability in some Huawei products. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. (Vulnerability ID: HWPSIRT-2020-05257)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22378.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-cgp-en>
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ecns280_td | eq | V100R005C00 | |
| ecns280_td | eq | V100R005C10 |
Related
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.0%