Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22312

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Published

2021-04-08T19:15:12.727

Last Modified

2024-11-21T05:49:53.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	ips_module_firmware	v500r005c00spc100	Yes
Operating System	huawei	ips_module_firmware	v500r005c00spc200	Yes
Hardware	huawei	ips_module	-	No
Operating System	huawei	ngfw_module_firmware	v500r005c00spc100	Yes
Operating System	huawei	ngfw_module_firmware	v500r005c00spc200	Yes
Hardware	huawei	ngfw_module	-	No
Operating System	huawei	secospace_usg6300_firmware	v500r001c30spc200	Yes
Operating System	huawei	secospace_usg6300_firmware	v500r001c30spc600	Yes
Operating System	huawei	secospace_usg6300_firmware	v500r001c60spc500	Yes
Operating System	huawei	secospace_usg6300_firmware	v500r005c00spc100	Yes
Operating System	huawei	secospace_usg6300_firmware	v500r005c00spc200	Yes
Hardware	huawei	secospace_usg6300	-	No
Operating System	huawei	secospace_usg6500_firmware	v500r001c30spc200	Yes
Operating System	huawei	secospace_usg6500_firmware	v500r001c30spc600	Yes
Operating System	huawei	secospace_usg6500_firmware	v500r001c60spc500	Yes
Operating System	huawei	secospace_usg6500_firmware	v500r005c00spc100	Yes
Operating System	huawei	secospace_usg6500_firmware	v500r005c00spc200	Yes
Hardware	huawei	secospace_usg6500	-	No
Operating System	huawei	secospace_usg6600_firmware	v500r001c30spc200	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r001c30spc600	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r001c60spc500	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r005c00spc100	Yes
Operating System	huawei	secospace_usg6600_firmware	v500r005c00spc200	Yes
Hardware	huawei	secospace_usg6600	-	No
Operating System	huawei	usg9500_firmware	v500r001c30spc200	Yes
Operating System	huawei	usg9500_firmware	v500r001c30spc600	Yes
Operating System	huawei	usg9500_firmware	v500r001c60spc500	Yes
Operating System	huawei	usg9500_firmware	v500r005c00spc100	Yes
Operating System	huawei	usg9500_firmware	v500r005c00spc200	Yes
Hardware	huawei	usg9500	-	No
Operating System	huawei	nip6300_firmware	v500r001c30spc200	Yes
Operating System	huawei	nip6300_firmware	v500r001c30spc600	Yes
Operating System	huawei	nip6300_firmware	v500r001c60spc500	Yes
Operating System	huawei	nip6300_firmware	v500r005c00spc100	Yes
Operating System	huawei	nip6300_firmware	v500r005c00spc200	Yes
Hardware	huawei	nip6300	-	No
Operating System	huawei	nip6600_firmware	v500r001c30spc200	Yes
Operating System	huawei	nip6600_firmware	v500r001c30spc600	Yes
Operating System	huawei	nip6600_firmware	v500r001c60spc500	Yes
Operating System	huawei	nip6600_firmware	v500r005c00spc100	Yes
Operating System	huawei	nip6600_firmware	v500r005c00spc200	Yes
Hardware	huawei	nip6600	-	No
Operating System	huawei	nip6800_firmware	v500r001c30spc200	Yes
Operating System	huawei	nip6800_firmware	v500r001c30spc600	Yes
Operating System	huawei	nip6800_firmware	v500r001c60spc500	Yes
Operating System	huawei	nip6800_firmware	v500r005c00spc100	Yes
Operating System	huawei	nip6800_firmware	v500r005c00spc200	Yes
Hardware	huawei	nip6800	-	No
Operating System	huawei	usg6000e_firmware	v600r006c00	Yes
Hardware	huawei	usg6000e	-	No
Operating System	huawei	nip6000e_firmware	v600r006c00	Yes
Hardware	huawei	nip6000e	-	No
Operating System	huawei	ips6000e_firmware	v600r006c00	Yes
Hardware	huawei	ips6000e	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)