Lucene search

[email protected]NVD:CVE-2021-39995

HistoryNov 29, 2021 - 4:15 p.m.

CVE-2021-39995

2021-11-2916:15:07

CWE-125

[email protected]

web.nvd.nist.gov

huawei

openhpi

out-of-bounds read

denial of service

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

Affected configurations

Nvd

Node

huaweiecns280_td_firmwareMatchv100r005c10

AND

huaweiecns280_tdMatch-

Node

huaweiese620x_vess_firmwareMatchv100r001c10spc200

huaweiese620x_vess_firmwareMatchv100r001c20spc200

huaweiese620x_vess_firmwareMatchv200r001c00spc300

AND

huaweiese620x_vessMatch-

VendorProductVersionCPE
huaweiecns280_td_firmwarev100r005c10cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*
huaweiecns280_td-cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev100r001c10spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev100r001c20spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev200r001c00spc300cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*
huaweiese620x_vess-cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	ecns280_td_firmware	v100r005c10	cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:::::::*
huawei	ecns280_td	-	cpe:2.3:h:huawei:ecns280_td:-:::::::*
huawei	ese620x_vess_firmware	v100r001c10spc200	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:::::::*
huawei	ese620x_vess_firmware	v100r001c20spc200	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:::::::*
huawei	ese620x_vess_firmware	v200r001c00spc300	cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:::::::*
huawei	ese620x_vess	-	cpe:2.3:h:huawei:ese620x_vess:-:::::::*

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Related for NVD:CVE-2021-39995

cve1 cvelist1 prion1 huawei1 cnvd1