Details of VAR-202105-0486

ID

VAR-202105-0486

CVE

CVE-2021-22362

TITLE

plural Huawei Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-007459

DESCRIPTION

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800. plural Huawei The product contains a vulnerability related to out-of-bounds writing.Denial of service (DoS) It may be put into a state. Huawei CloudEngine 12800, etc. are all products of China's Huawei (Huawei) company. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch. Huawei Cloudengine 6800 is a 6800 series data center switch. Huawei CloudEngine has a buffer error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.7

sources: NVD: CVE-2021-22362 // JVNDB: JVNDB-2021-007459 // CNVD: CNVD-2021-36525 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-36525

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r019c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c20spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r019c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r019c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r019c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r002c50spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r003c00spc810	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 7800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 5800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 12800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine	scope:	eq	version:	6800	Trust: 0.6

sources: CNVD: CNVD-2021-36525 // JVNDB: JVNDB-2021-007459 // NVD: CVE-2021-22362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22362
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22362
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-36525
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1266
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-22362
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-36525
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22362
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22362
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-36525 // JVNDB: JVNDB-2021-007459 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1266 // NVD: CVE-2021-22362

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007459 // NVD: CVE-2021-22362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1266

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210519-01-cloudengine	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en	Trust: 0.8
title:	Patch for Huawei CloudEngine buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/266481	Trust: 0.6
title:	Multiple Huawei Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153459	Trust: 0.6

sources: CNVD: CNVD-2021-36525 // JVNDB: JVNDB-2021-007459 // CNNVD: CNNVD-202105-1266

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22362	Trust: 3.8
db:	CS-HELP	id:	SB2021051929	Trust: 1.2
db:	JVNDB	id:	JVNDB-2021-007459	Trust: 0.8
db:	CNVD	id:	CNVD-2021-36525	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1266	Trust: 0.6

sources: CNVD: CNVD-2021-36525 // JVNDB: JVNDB-2021-007459 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1266 // NVD: CVE-2021-22362

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22362	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021051929	Trust: 1.2
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-cn	Trust: 0.6

sources: CNVD: CNVD-2021-36525 // JVNDB: JVNDB-2021-007459 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1266 // NVD: CVE-2021-22362

SOURCES

db:	CNVD	id:	CNVD-2021-36525
db:	JVNDB	id:	JVNDB-2021-007459
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1266
db:	NVD	id:	CVE-2021-22362

LAST UPDATE DATE

2024-08-14T12:29:20.622000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-36525	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007459	date:	2022-02-14T07:26:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1266	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-22362	date:	2021-06-08T00:42:32.493

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-36525	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007459	date:	2022-02-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1266	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-22362	date:	2021-05-27T13:15:07.977