Details of VAR-202104-0410

ID

VAR-202104-0410

CVE

CVE-2021-22393

TITLE

Denial of service vulnerabilities in multiple Huawei CloudEngine products

Trust: 0.6

sources: CNVD: CNVD-2021-25949

DESCRIPTION

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service. Huawei CloudEngine 12800, etc. are all products of China's Huawei (Huawei) company. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch. Huawei Cloudengine 6800 is a 6800 series data center switch

Trust: 1.53

sources: NVD: CVE-2021-22393 // CNVD: CNVD-2021-25949 // VULMON: CVE-2021-22393

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-25949

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r002c50spc800	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r003c00spc810	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	7800	Trust: 0.6

sources: CNVD: CNVD-2021-25949 // NVD: CVE-2021-22393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22393
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-25949
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-2089
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22393
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22393
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-25949
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22393
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-25949 // VULMON: CVE-2021-22393 // CNNVD: CNNVD-202104-2089 // NVD: CVE-2021-22393

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-22393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2089

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-2089

PATCH

title:	Patch for Denial of service vulnerabilities in multiple Huawei CloudEngine products	url:	https://www.cnvd.org.cn/patchInfo/show/256511	Trust: 0.6
title:	Huawei CloudEngine 6800 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149801	Trust: 0.6

sources: CNVD: CNVD-2021-25949 // CNNVD: CNNVD-202104-2089

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22393	Trust: 2.3
db:	CNVD	id:	CNVD-2021-25949	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-2089	Trust: 0.6
db:	VULMON	id:	CVE-2021-22393	Trust: 0.1

sources: CNVD: CNVD-2021-25949 // VULMON: CVE-2021-22393 // CNNVD: CNNVD-202104-2089 // NVD: CVE-2021-22393

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en	Trust: 1.7
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-2021324-01-dos-cn	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22393	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-25949 // VULMON: CVE-2021-22393 // CNNVD: CNNVD-202104-2089 // NVD: CVE-2021-22393

SOURCES

db:	CNVD	id:	CNVD-2021-25949
db:	VULMON	id:	CVE-2021-22393
db:	CNNVD	id:	CNNVD-202104-2089
db:	NVD	id:	CVE-2021-22393

LAST UPDATE DATE

2024-11-23T22:57:57.599000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-25949	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-22393	date:	2021-05-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-2089	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-22393	date:	2024-11-21T05:50:02.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-25949	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-22393	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-2089	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-22393	date:	2021-04-28T12:15:08.287