FKIE_CVE-2021-22312
Vulnerability from fkie_nvd - Published: 2021-04-08 19:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ips_module_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4E285D-09FB-4123-B46A-E27818ADFFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ips_module_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A659FF-6019-48F8-BF60-D9FC79682435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAD43A3-730A-4ABC-89F0-DF93A06AA60F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA59256-7429-4D82-85FE-229EB033BDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "E728C122-5732-48FF-910C-3241EABA3DE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "547D4A9A-6B57-4BBA-9FFE-CF50B9AC5DF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E3300-4E1E-433A-87D9-983F9C1CE2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "7D2F8A0A-AA2F-4144-923A-4B461B1A3E99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "26CBEDA1-F057-489F-9255-C178272208CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA34227-DB8B-48DF-8150-5C6815B49FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "322A0123-38E6-4D84-97F1-15F983DC3725",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA2444C-EE5E-4DFC-A9F8-4744059EF7DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "203B31A8-8C5C-42E8-8D4F-861F90FC16FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "CF816E5F-2082-4460-ABF9-93726C5879A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DF54A7-6E29-4BB5-81FC-5EE75D892D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DA1F00-D38C-40AF-A14D-D5EE0B0A3751",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA7BE1F-853E-4CBA-8A90-BAEA0BCC6A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "B80E521E-1BFB-405E-9F8E-4A0734731FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "5226BD96-2B00-469B-AADD-CD0541610BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB3FD6B-0EE4-4467-8BAE-AE52FB2906EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE67E91-7805-4CAA-89EE-9226CFBD731B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF5257-8CD1-4951-9C53-07B85D468F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2CDEF7-F8C8-482E-B43D-DB3F0CE010F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1EFB9D-5349-4EAF-9880-34F0D20011E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7369E3-5F3F-40D1-8690-95192131B683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA71C5D-4B11-401D-AEC9-907204C21476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "42C2CAD1-543D-47E2-9B12-6B2E8538C8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "29134400-23E7-4888-B027-A29167E95693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE35922-612B-437B-8044-56FA301E73C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "848014B8-8D79-48C3-8ED2-EA98378428F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "0E86EACC-53A8-4216-80D4-BD1BB215E151",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E054182-CE33-45E3-8595-159A75BA5162",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "F9FE889E-58A9-4D93-8054-7B845C44BDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2F5B2E-5233-4B9F-BA85-0D369C1A8805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "73B19CF4-92DF-4BB5-B9C7-76901EC5673C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "AC26B79E-CBCD-4D93-A552-1A20B155F0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "46A3FD77-200C-40D7-A31E-6D964F9A375E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8CA649-7AE1-497C-869B-B4DD315F342C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "024AA4AA-8A09-4E0B-81A0-76E2960A15FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB28A28-8766-4A28-B438-117944ABD294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
"matchCriteriaId": "C38F1E7A-0347-4E45-A0B6-CB8CE0D8A07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r005c00spc100:*:*:*:*:*:*:*",
"matchCriteriaId": "954A1F94-2442-4064-9DC5-14EFC2FA62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r005c00spc200:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB70C7-8E9A-4538-A4FF-6FA820D895CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875441DD-575F-4F4D-A6BD-23C38641D330",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg6000e_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "261DD2F0-5503-4939-9761-DA1219DD5633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg6000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F3BBF-CFD5-41E5-9D30-9FEBA1EE4429",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6000e_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "F666919C-2378-4D61-AF77-428F689E8071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F76C1B-1214-4A55-926C-AB0AF7333481",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ips6000e_firmware:v600r006c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D1B96D-834B-4B64-B026-AB2F156C8A67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ips6000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "609D868B-E091-49BD-A632-54DB6BBC9092",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad filtrado de memoria en algunos productos de Huawei.\u0026#xa0;Un atacante remoto autenticado puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al producto afectado.\u0026#xa0;Debido a que no se libera la memoria asignada apropiadamente, una explotaci\u00f3n con \u00e9xito puede causar que el servicio sea anormal.\u0026#xa0;Los productos afectados incluyen algunas versiones de IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 y USG9500"
}
],
"id": "CVE-2021-22312",
"lastModified": "2024-11-21T05:49:53.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-08T19:15:12.727",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…