Lucene search

[email protected]NVD:CVE-2021-22321

HistoryMar 22, 2021 - 8:15 p.m.

CVE-2021-22321

2021-03-2220:15:17

CWE-416

[email protected]

web.nvd.nist.gov

huawei

use-after-free

vulnerability

attackers

compromise

nip6300

nip6600

nip6800

s1700

s2700

s5700

s6700

s7700

s9700

secospace usg6300

secospace usg6500

secospace usg6600

usg9500

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

39.5%

JSON

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Affected configurations

Nvd

Node

huaweinip6300_firmwareMatchv500r001c30

huaweinip6300_firmwareMatchv500r001c60

AND

huaweinip6300Match-

Node

huaweinip6600_firmwareMatchv500r001c30

AND

huaweinip6600Match-

Node

huaweinip6800_firmwareMatchv500r001c60

AND

huaweinip6800Match-

Node

huaweis12700_firmwareMatchv200r007c01

huaweis12700_firmwareMatchv200r007c01b102

huaweis12700_firmwareMatchv200r008c00

huaweis12700_firmwareMatchv200r010c00

huaweis12700_firmwareMatchv200r010c00spc300

huaweis12700_firmwareMatchv200r011c00

huaweis12700_firmwareMatchv200r011c00spc100

huaweis12700_firmwareMatchv200r011c10

AND

huaweis12700Match-

Node

huaweis1700_firmwareMatchv200r009c00spc200

huaweis1700_firmwareMatchv200r009c00spc500

huaweis1700_firmwareMatchv200r010c00

huaweis1700_firmwareMatchv200r010c00spc300

huaweis1700_firmwareMatchv200r011c00

huaweis1700_firmwareMatchv200r011c00spc100

huaweis1700_firmwareMatchv200r011c10

AND

huaweis1700Match-

Node

huaweis2700_firmwareMatchv200r008c00

huaweis2700_firmwareMatchv200r010c00

huaweis2700_firmwareMatchv200r010c00spc300

huaweis2700_firmwareMatchv200r011c00

huaweis2700_firmwareMatchv200r011c00spc100

huaweis2700_firmwareMatchv200r011c10

AND

huaweis2700Match-

Node

huaweis5700_firmwareMatchv200r008c00

huaweis5700_firmwareMatchv200r010c00

huaweis5700_firmwareMatchv200r010c00spc300

huaweis5700_firmwareMatchv200r011c00

huaweis5700_firmwareMatchv200r011c00spc100

huaweis5700_firmwareMatchv200r011c10

huaweis5700_firmwareMatchv200r011c10spc100

AND

huaweis5700Match-

Node

huaweis6700_firmwareMatchv200r008c00

huaweis6700_firmwareMatchv200r010c00

huaweis6700_firmwareMatchv200r010c00spc300

huaweis6700_firmwareMatchv200r011c00

huaweis6700_firmwareMatchv200r011c00spc100

huaweis6700_firmwareMatchv200r011c10

huaweis6700_firmwareMatchv200r011c10spc100

AND

huaweis6700Match-

Node

huaweis7700_firmwareMatchv200r008c00

huaweis7700_firmwareMatchv200r010c00

huaweis7700_firmwareMatchv200r010c00spc300

huaweis7700_firmwareMatchv200r011c00

huaweis7700_firmwareMatchv200r011c00spc100

huaweis7700_firmwareMatchv200r011c10

AND

huaweis7700Match-

Node

huaweis9700_firmwareMatchv200r007c01

huaweis9700_firmwareMatchv200r007c01b102

huaweis9700_firmwareMatchv200r008c00

huaweis9700_firmwareMatchv200r010c00

huaweis9700_firmwareMatchv200r010c00spc300

huaweis9700_firmwareMatchv200r011c00

huaweis9700_firmwareMatchv200r011c00spc100

huaweis9700_firmwareMatchv200r011c10

AND

huaweis9700Match-

Node

huaweisecospace_usg6300_firmwareMatchv500r001c30

huaweisecospace_usg6300_firmwareMatchv500r001c60

AND

huaweisecospace_usg6300Match-

Node

huaweisecospace_usg6500_firmwareMatchv500r001c30

huaweisecospace_usg6500_firmwareMatchv500r001c60

AND

huaweisecospace_usg6500Match-

Node

huaweisecospace_usg6600_firmwareMatchv500r001c30

huaweisecospace_usg6600_firmwareMatchv500r001c60

AND

huaweisecospace_usg6600Match-

Node

huaweiusg9500_firmwareMatchv500r001c30

huaweiusg9500_firmwareMatchv500r001c60

AND

huaweiusg9500Match-

VendorProductVersionCPE
huaweinip6300_firmwarev500r001c30cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
huaweinip6300_firmwarev500r001c60cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
huaweinip6300-cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*
huaweinip6600_firmwarev500r001c30cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
huaweinip6600-cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*
huaweinip6800_firmwarev500r001c60cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
huaweinip6800-cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*
huaweis12700_firmwarev200r007c01cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*
huaweis12700_firmwarev200r007c01b102cpe:2.3:o:huawei:s12700_firmware:v200r007c01b102:*:*:*:*:*:*:*
huaweis12700_firmwarev200r008c00cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	nip6300_firmware	v500r001c30	cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:::::::*
huawei	nip6300_firmware	v500r001c60	cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:::::::*
huawei	nip6300	-	cpe:2.3:h:huawei:nip6300:-:::::::*
huawei	nip6600_firmware	v500r001c30	cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:::::::*
huawei	nip6600	-	cpe:2.3:h:huawei:nip6600:-:::::::*
huawei	nip6800_firmware	v500r001c60	cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:::::::*
huawei	nip6800	-	cpe:2.3:h:huawei:nip6800:-:::::::*
huawei	s12700_firmware	v200r007c01	cpe:2.3:o:huawei:s12700_firmware:v200r007c01:::::::*
huawei	s12700_firmware	v200r007c01b102	cpe:2.3:o:huawei:s12700_firmware:v200r007c01b102:::::::*
huawei	s12700_firmware	v200r008c00	cpe:2.3:o:huawei:s12700_firmware:v200r008c00:::::::*

Rows per page:

1-10 of 751

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

39.5%

JSON

Related for NVD:CVE-2021-22321

cvelist1 openvas1 prion1 huawei1 cve1