FKIE_CVE-2021-22362

Vulnerability from fkie_nvd - Published: 2021-05-27 13:15 - Updated: 2024-11-21 05:49
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800.
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-enVendor Advisory
Impacted products
Vendor Product Version
huawei cloudengine_12800_firmware v200r002c50spc800
huawei cloudengine_12800_firmware v200r003c00spc810
huawei cloudengine_12800_firmware v200r005c00spc800
huawei cloudengine_12800_firmware v200r005c10spc800
huawei cloudengine_12800_firmware v200r019c00spc800
huawei cloudengine_12800_firmware v200r019c10spc800
huawei cloudengine_12800 -
huawei cloudengine_5800_firmware v200r002c50spc800
huawei cloudengine_5800_firmware v200r003c00spc810
huawei cloudengine_5800_firmware v200r005c00spc800
huawei cloudengine_5800_firmware v200r005c10spc800
huawei cloudengine_5800_firmware v200r019c00spc800
huawei cloudengine_5800_firmware v200r019c10spc800
huawei cloudengine_5800 -
huawei cloudengine_6800_firmware v200r002c50spc800
huawei cloudengine_6800_firmware v200r003c00spc810
huawei cloudengine_6800_firmware v200r005c00spc800
huawei cloudengine_6800_firmware v200r005c10spc800
huawei cloudengine_6800_firmware v200r005c20spc800
huawei cloudengine_6800_firmware v200r019c00spc800
huawei cloudengine_6800_firmware v200r019c10spc800
huawei cloudengine_6800 -
huawei cloudengine_7800_firmware v200r002c50spc800
huawei cloudengine_7800_firmware v200r003c00spc810
huawei cloudengine_7800_firmware v200r005c00spc800
huawei cloudengine_7800_firmware v200r005c10spc800
huawei cloudengine_7800_firmware v200r019c00spc800
huawei cloudengine_7800_firmware v200r019c10spc800
huawei cloudengine_7800 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "2601F8EC-A011-4614-80CA-3A01D80D9B7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B76265-8C33-43A6-AAA7-7521B95F1C57",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC7C877-066F-4FB8-9AB7-D038CE6E5D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A16DF-B995-417E-AE19-DFF9CC499D7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "512A374E-09BE-4ACD-9F87-C1752C882778",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escritura fuera de l\u00edmites en algunos productos de Huawei.\u0026#xa0;Un atacante puede explotar esta vulnerabilidad mediante el env\u00edo datos dise\u00f1ados en el paquete hacia el dispositivo destino.\u0026#xa0;Debido a una comprobaci\u00f3n insuficiente de mensaje, una explotaci\u00f3n con \u00e9xito puede causar una determinada anormalidad en el servicio .Las versiones afectadas de los productos incluyen: CloudEngine 12800 versiones V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800, V200R019C10SPC800; CloudEngine 5800 versiones V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800, V200R019C10SPC800 @ ; CloudEngine 6800 versiones V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800, V200R019C10SPC800; CloudEngine 7800 versiones V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800"
    }
  ],
  "id": "CVE-2021-22362",
  "lastModified": "2024-11-21T05:49:58.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-27T13:15:07.977",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.