Details of VAR-202104-0440

ID

VAR-202104-0440

CVE

CVE-2021-22312

TITLE

Multiple Huawei products Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202102-1033

DESCRIPTION

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500

Trust: 0.99

sources: NVD: CVE-2021-22312 // VULMON: CVE-2021-22312

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	ips module	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	ips6000e	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg6000e	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	nip6000e	scope:	eq	version:	v600r006c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0

sources: NVD: CVE-2021-22312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22312
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202102-1033
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22312
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22312
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-22312
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-22312 // CNNVD: CNNVD-202102-1033 // NVD: CVE-2021-22312

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.0

sources: NVD: CVE-2021-22312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1033

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1033

PATCH

title:

A variety of Huawei products Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142806

Trust: 0.6

sources: CNNVD: CNNVD-202102-1033

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22312	Trust: 1.7
db:	CNNVD	id:	CNNVD-202102-1033	Trust: 0.6
db:	VULMON	id:	CVE-2021-22312	Trust: 0.1

sources: VULMON: CVE-2021-22312 // CNNVD: CNNVD-202102-1033 // NVD: CVE-2021-22312

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22312	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-22312 // CNNVD: CNNVD-202102-1033 // NVD: CVE-2021-22312

SOURCES

db:	VULMON	id:	CVE-2021-22312
db:	CNNVD	id:	CNNVD-202102-1033
db:	NVD	id:	CVE-2021-22312

LAST UPDATE DATE

2024-11-23T22:44:14.451000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22312	date:	2021-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202102-1033	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-22312	date:	2024-11-21T05:49:53.430

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22312	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202102-1033	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2021-22312	date:	2021-04-08T19:15:12.727