cnvd - cnvd-2021-84910

CNVD-2021-84910

Vulnerability from cnvd - Published: 2021-11-08

Title

多款Huawei产品信息泄露漏洞（CNVD-2021-84910）

Description

Huawei IPS Module是一款入侵防御系统（IPS）模块。Huawei USG9500是一款应用于大型环境的防火墙设备。多款Huawei产品存在信息泄露漏洞，该漏洞源于某块没有充分校验输入。具有高权限的攻击者可利用该漏洞通过执行某些操作可利用该漏洞，影响某些资源造成信息泄露。

Severity

中

Patch Name

多款Huawei产品信息泄露漏洞（CNVD-2021-84910）的补丁

Patch Description

Huawei IPS Module是一款入侵防御系统（IPS）模块。Huawei USG9500是一款应用于大型环境的防火墙设备。多款Huawei产品存在信息泄露漏洞，该漏洞源于某块没有充分校验输入。具有高权限的攻击者可利用该漏洞通过执行某些操作可利用该漏洞，影响某些资源造成信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en

Impacted products

Name
['Huawei USG9500 V500R001C00', 'Huawei USG9500 V500R001C50', 'Huawei USG9500 V500R001C00', 'Huawei USG9500 V500R001C20', 'Huawei USG9500 V500R001C30', 'Huawei USG9500 V500R001C50', 'Huawei USG9500 V500R001C30', 'Huawei USG9500 V500R001C60', 'Huawei SeMG9811 V500R005C00', 'Huawei USG9500 V500R005C00', 'Huawei NGFW Module V500R005C00', 'Huawei NGFW Module V500R005C10', 'Huawei USG9500 V500R005C10', 'Huawei IPS Module V500R005C00', 'Huawei IPS Module V500R005C10', 'Huawei USG9500 V500R001C60', 'Huawei IPS Module V500R005C20', 'Huawei USG9500 V500R005C20', 'Huawei NGFW Module V500R005C20']

Name

['Huawei USG9500 V500R001C00', 'Huawei USG9500 V500R001C50', 'Huawei USG9500 V500R001C00', 'Huawei USG9500 V500R001C20', 'Huawei USG9500 V500R001C30', 'Huawei USG9500 V500R001C50', 'Huawei USG9500 V500R001C30', 'Huawei USG9500 V500R001C60', 'Huawei SeMG9811 V500R005C00', 'Huawei USG9500 V500R005C00', 'Huawei NGFW Module V500R005C00', 'Huawei NGFW Module V500R005C10', 'Huawei USG9500 V500R005C10', 'Huawei IPS Module V500R005C00', 'Huawei IPS Module V500R005C10', 'Huawei USG9500 V500R001C60', 'Huawei IPS Module V500R005C20', 'Huawei USG9500 V500R005C20', 'Huawei NGFW Module V500R005C20']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22342",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22342"
    }
  },
  "description": "Huawei IPS Module\u662f\u4e00\u6b3e\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\uff08IPS\uff09\u6a21\u5757\u3002Huawei USG9500\u662f\u4e00\u6b3e\u5e94\u7528\u4e8e\u5927\u578b\u73af\u5883\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002\n\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u5757\u6ca1\u6709\u5145\u5206\u6821\u9a8c\u8f93\u5165\u3002\u5177\u6709\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u5f71\u54cd\u67d0\u4e9b\u8d44\u6e90\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84910",
  "openTime": "2021-11-08",
  "patchDescription": "Huawei IPS Module\u662f\u4e00\u6b3e\u5165\u4fb5\u9632\u5fa1\u7cfb\u7edf\uff08IPS\uff09\u6a21\u5757\u3002Huawei USG9500\u662f\u4e00\u6b3e\u5e94\u7528\u4e8e\u5927\u578b\u73af\u5883\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u5757\u6ca1\u6709\u5145\u5206\u6821\u9a8c\u8f93\u5165\u3002\u5177\u6709\u9ad8\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\uff0c\u5f71\u54cd\u67d0\u4e9b\u8d44\u6e90\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-84910\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei USG9500 V500R001C00",
      "Huawei USG9500 V500R001C50",
      "Huawei USG9500 V500R001C00",
      "Huawei USG9500 V500R001C20",
      "Huawei USG9500 V500R001C30",
      "Huawei USG9500 V500R001C50",
      "Huawei USG9500 V500R001C30",
      "Huawei USG9500 V500R001C60",
      "Huawei SeMG9811 V500R005C00",
      "Huawei USG9500 V500R005C00",
      "Huawei NGFW Module V500R005C00",
      "Huawei NGFW Module V500R005C10",
      "Huawei USG9500 V500R005C10",
      "Huawei IPS Module V500R005C00",
      "Huawei IPS Module V500R005C10",
      "Huawei USG9500 V500R001C60",
      "Huawei IPS Module V500R005C20",
      "Huawei USG9500 V500R005C20",
      "Huawei NGFW Module V500R005C20"
    ]
  },
  "referenceLink": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en",
  "serverity": "\u4e2d",
  "submitTime": "2021-08-12",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-84910\uff09"
}

CVE-2021-22342 (GCVE-0-2021-22342)

Vulnerability from cvelistv5 – Published: 2021-06-22 18:41 – Updated: 2024-08-03 18:37

Summary

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

Severity ?

No CVSS data available.

CWE

Information Leak

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	IPS Module;NGFW Module;SeMG9811;USG9500	Affected: V500R005C00,V500R005C10,V500R005C20 Affected: V500R005C00 Affected: V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10,V500R005C20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:37:18.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IPS Module;NGFW Module;SeMG9811;USG9500",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V500R005C00,V500R005C10,V500R005C20"
            },
            {
              "status": "affected",
              "version": "V500R005C00"
            },
            {
              "status": "affected",
              "version": "V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10,V500R005C20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T18:41:20",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-22342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IPS Module;NGFW Module;SeMG9811;USG9500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V500R005C00,V500R005C10,V500R005C20"
                          },
                          {
                            "version_value": "V500R005C00,V500R005C10,V500R005C20"
                          },
                          {
                            "version_value": "V500R005C00"
                          },
                          {
                            "version_value": "V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10,V500R005C20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en",
              "refsource": "MISC",
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2021-22342",
    "datePublished": "2021-06-22T18:41:20",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:37:18.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-84910

CVE-2021-22342 (GCVE-0-2021-22342)

Tags

Sightings

Nomenclature