Details of VAR-202102-0644

ID

VAR-202102-0644

CVE

CVE-2021-22304

TITLE

Taurus-AL00A Vulnerabilities in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2021-003372

DESCRIPTION

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. Taurus-AL00A Is vulnerable to the use of freed memory.Denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-22304 // JVNDB: JVNDB-2021-003372 // VULMON: CVE-2021-22304

AFFECTED PRODUCTS

vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	10.0.0.1\(c00e1r1p1\)	Trust: 1.0
vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	taurus-al00a	scope:	eq	version:	taurus-al00a firmware 10.0.0.1 (c00e1r1p1)	Trust: 0.8

sources: JVNDB: JVNDB-2021-003372 // NVD: CVE-2021-22304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22304
value:	LOW
Trust: 1.0
NVD:	CVE-2021-22304
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202102-555
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2021-22304
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-22304
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22304
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-003372 // CNNVD: CNNVD-202102-555 // NVD: CVE-2021-22304

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003372 // NVD: CVE-2021-22304

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-555

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-555

PATCH

title:	huawei-sa-20210127-03-smartphone	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en	Trust: 0.8
title:	Huawei Taurus-AL00A Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141724	Trust: 0.6

sources: JVNDB: JVNDB-2021-003372 // CNNVD: CNNVD-202102-555

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22304	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-003372	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-555	Trust: 0.6
db:	VULMON	id:	CVE-2021-22304	Trust: 0.1

sources: VULMON: CVE-2021-22304 // JVNDB: JVNDB-2021-003372 // CNNVD: CNNVD-202102-555 // NVD: CVE-2021-22304

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22304	Trust: 1.4
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-22304 // JVNDB: JVNDB-2021-003372 // CNNVD: CNNVD-202102-555 // NVD: CVE-2021-22304

SOURCES

db:	VULMON	id:	CVE-2021-22304
db:	JVNDB	id:	JVNDB-2021-003372
db:	CNNVD	id:	CNNVD-202102-555
db:	NVD	id:	CVE-2021-22304

LAST UPDATE DATE

2024-11-23T22:57:59.969000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22304	date:	2021-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-003372	date:	2021-10-25T08:31:00
db:	CNNVD	id:	CNNVD-202102-555	date:	2021-02-18T00:00:00
db:	NVD	id:	CVE-2021-22304	date:	2024-11-21T05:49:52.550

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22304	date:	2021-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-003372	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202102-555	date:	2021-02-05T00:00:00
db:	NVD	id:	CVE-2021-22304	date:	2021-02-06T03:15:12.890