Details of VAR-202105-0491

ID

VAR-202105-0491

CVE

CVE-2021-22360

TITLE

USG9500 Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007435

DESCRIPTION

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. USG9500 Is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.16

sources: NVD: CVE-2021-22360 // JVNDB: JVNDB-2021-007435 // CNNVD: CNNVD-202104-975

AFFECTED PRODUCTS

vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc200	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00spc100	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	eq	version:	usg9500 firmware	Trust: 0.8

sources: JVNDB: JVNDB-2021-007435 // NVD: CVE-2021-22360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22360
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22360
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1289
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-22360
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-22360
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22360
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007435 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1289 // NVD: CVE-2021-22360

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.0
problemtype:	Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007435 // NVD: CVE-2021-22360

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1289

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210519-01-resource	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-resource-en	Trust: 0.8
title:	Huawei USG9500 Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151492	Trust: 0.6

sources: JVNDB: JVNDB-2021-007435 // CNNVD: CNNVD-202105-1289

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22360	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-007435	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052003	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1289	Trust: 0.6

sources: JVNDB: JVNDB-2021-007435 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1289 // NVD: CVE-2021-22360

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-resource-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22360	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052003	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210519-01-resource-cn	Trust: 0.6

sources: JVNDB: JVNDB-2021-007435 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1289 // NVD: CVE-2021-22360

SOURCES

db:	JVNDB	id:	JVNDB-2021-007435
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1289
db:	NVD	id:	CVE-2021-22360

LAST UPDATE DATE

2024-08-14T12:25:06.565000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-007435	date:	2022-02-10T08:59:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1289	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-22360	date:	2021-06-07T14:18:51.833

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-007435	date:	2022-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1289	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-22360	date:	2021-05-27T13:15:07.930