Details of VAR-202103-0513

ID

VAR-202103-0513

CVE

CVE-2021-22309

TITLE

plural Huawei Vulnerabilities in the use of cryptographic algorithms in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010258

DESCRIPTION

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00. plural Huawei The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. Huawei USG9500, Huawei USG9520, Huawei USG9560, and Huawei USG9580 could allow a remote malicious user to obtain sensitive information, caused by an insecure algorithm

Trust: 1.71

sources: NVD: CVE-2021-22309 // JVNDB: JVNDB-2021-010258 // VULMON: CVE-2021-22309

AFFECTED PRODUCTS

vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	usg9560	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9520	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	usg9580	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9580	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9520	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9560	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010258 // NVD: CVE-2021-22309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22309
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22309
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-218
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-22309
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-22309
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22309
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-010258 // CNNVD: CNNVD-202102-218 // NVD: CVE-2021-22309

PROBLEMTYPE DATA

problemtype:	CWE-330	Trust: 1.0
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010258 // NVD: CVE-2021-22309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-218

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-218

PATCH

title:	huawei-sa-20210202-01-fw	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210202-01-fw-en	Trust: 0.8
title:	Repair measures for multiple Huawei product information leaks	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140443	Trust: 0.6

sources: JVNDB: JVNDB-2021-010258 // CNNVD: CNNVD-202102-218

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22309	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010258	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-218	Trust: 0.6
db:	VULMON	id:	CVE-2021-22309	Trust: 0.1

sources: VULMON: CVE-2021-22309 // JVNDB: JVNDB-2021-010258 // CNNVD: CNNVD-202102-218 // NVD: CVE-2021-22309

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210202-01-fw-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22309	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210202-01-fw-cn	Trust: 0.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196186	Trust: 0.1

sources: VULMON: CVE-2021-22309 // JVNDB: JVNDB-2021-010258 // CNNVD: CNNVD-202102-218 // NVD: CVE-2021-22309

SOURCES

db:	VULMON	id:	CVE-2021-22309
db:	JVNDB	id:	JVNDB-2021-010258
db:	CNNVD	id:	CNNVD-202102-218
db:	NVD	id:	CVE-2021-22309

LAST UPDATE DATE

2024-11-23T23:01:04.341000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22309	date:	2021-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-010258	date:	2022-06-28T06:51:00
db:	CNNVD	id:	CNNVD-202102-218	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-22309	date:	2024-11-21T05:49:53.087

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22309	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010258	date:	2022-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202102-218	date:	2021-02-02T00:00:00
db:	NVD	id:	CVE-2021-22309	date:	2021-03-22T18:15:14.433