CVE-2021-21724 (GCVE-0-2021-21724)

Vulnerability from cvelistv5 – Published: 2021-02-26 02:37 – Updated: 2024-08-03 18:23
VLAI?
Summary
A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.
Severity ?
No CVSS data available.
CWE
  • Memory Leak
Assigner
zte
References
Impacted products
Vendor Product Version
n/a ZXR10 8900E Affected: all versions up to V3.03.20R2B30P1
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:28.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZXR10 8900E",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all versions up to V3.03.20R2B30P1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A ZTE product has a memory leak vulnerability. Due to the product\u0027s improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-26T02:37:07.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2021-21724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZXR10 8900E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions up to V3.03.20R2B30P1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A ZTE product has a memory leak vulnerability. Due to the product\u0027s improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584",
              "refsource": "MISC",
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2021-21724",
    "datePublished": "2021-02-26T02:37:07.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:23:28.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-21724",
      "date": "2026-04-25",
      "epss": "0.00032",
      "percentile": "0.09238"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:zxr10_8900e_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.03.20r2b30p1\", \"matchCriteriaId\": \"2C146C38-AD84-44EE-BE6D-B70B0727DA35\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:zxr10_8900e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5526FC8B-9FB3-4618-BEEC-724210483383\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A ZTE product has a memory leak vulnerability. Due to the product\u0027s improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.\"}, {\"lang\": \"es\", \"value\": \"Un producto ZTE presenta una vulnerabilidad de p\\u00e9rdida de la memoria.\u0026#xa0;Debido al manejo inapropiado de liberaci\\u00f3n de la memoria del producto en determinados escenarios, un atacante local con permisos de dispositivo atenu\\u00f3 repetidamente la se\\u00f1al \\u00f3ptica para causar p\\u00e9rdida de la memoria y un servicio anormal.\u0026#xa0;Esto afecta a: ZXR10 8900E, todas las versiones hasta V3.03.20R2B30P1\"}]",
      "id": "CVE-2021-21724",
      "lastModified": "2024-11-21T05:48:53.100",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-02-26T03:15:12.963",
      "references": "[{\"url\": \"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584\", \"source\": \"psirt@zte.com.cn\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@zte.com.cn",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-21724\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2021-02-26T03:15:12.963\",\"lastModified\":\"2024-11-21T05:48:53.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A ZTE product has a memory leak vulnerability. Due to the product\u0027s improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.\"},{\"lang\":\"es\",\"value\":\"Un producto ZTE presenta una vulnerabilidad de p\u00e9rdida de la memoria.\u0026#xa0;Debido al manejo inapropiado de liberaci\u00f3n de la memoria del producto en determinados escenarios, un atacante local con permisos de dispositivo atenu\u00f3 repetidamente la se\u00f1al \u00f3ptica para causar p\u00e9rdida de la memoria y un servicio anormal.\u0026#xa0;Esto afecta a: ZXR10 8900E, todas las versiones hasta V3.03.20R2B30P1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:zxr10_8900e_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.03.20r2b30p1\",\"matchCriteriaId\":\"2C146C38-AD84-44EE-BE6D-B70B0727DA35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:zxr10_8900e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5526FC8B-9FB3-4618-BEEC-724210483383\"}]}]}],\"references\":[{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.