Details of VAR-202108-0287

ID

VAR-202108-0287

CVE

CVE-2021-22357

TITLE

plural Huawei Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-011011

DESCRIPTION

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500. plural Huawei product There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Huawei S12700 is an enterprise-class switch product of China's Huawei (Huawei) company. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-22357 // JVNDB: JVNDB-2021-011011 // CNVD: CNVD-2021-100798 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22357

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-100798

AFFECTED PRODUCTS

vendor:	huawei	model:	s6700	scope:	eq	version:	v200r013c00spc500	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r019c00spc500	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r019c00spc500	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r019c00spc500	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r013c00spc500	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r013c00spc500	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r019c00spc500	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r013c00spc500	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s12700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s12700 v200r013c00spc500	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	s12700 v200r019c00spc500	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-100798 // JVNDB: JVNDB-2021-011011 // NVD: CVE-2021-22357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22357
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22357
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-100798
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1353
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22357
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22357
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-100798
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22357
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22357
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-100798 // VULMON: CVE-2021-22357 // JVNDB: JVNDB-2021-011011 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1353 // NVD: CVE-2021-22357

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011011 // NVD: CVE-2021-22357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1353

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210512-01-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210512-01-dos-en	Trust: 0.8
title:	Patch for Huawei S12700 Input Verification Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/308116	Trust: 0.6
title:	Huawei S12700 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151503	Trust: 0.6

sources: CNVD: CNVD-2021-100798 // JVNDB: JVNDB-2021-011011 // CNNVD: CNNVD-202105-1353

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22357	Trust: 3.9
db:	CS-HELP	id:	SB2021052111	Trust: 1.2
db:	JVNDB	id:	JVNDB-2021-011011	Trust: 0.8
db:	CNVD	id:	CNVD-2021-100798	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1353	Trust: 0.6
db:	VULMON	id:	CVE-2021-22357	Trust: 0.1

sources: CNVD: CNVD-2021-100798 // VULMON: CVE-2021-22357 // JVNDB: JVNDB-2021-011011 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1353 // NVD: CVE-2021-22357

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210512-01-dos-en	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021052111	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22357	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-100798 // VULMON: CVE-2021-22357 // JVNDB: JVNDB-2021-011011 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1353 // NVD: CVE-2021-22357

SOURCES

db:	CNVD	id:	CNVD-2021-100798
db:	VULMON	id:	CVE-2021-22357
db:	JVNDB	id:	JVNDB-2021-011011
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1353
db:	NVD	id:	CVE-2021-22357

LAST UPDATE DATE

2024-08-14T12:44:40.394000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-100798	date:	2021-12-20T00:00:00
db:	VULMON	id:	CVE-2021-22357	date:	2021-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-011011	date:	2022-07-14T06:10:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1353	date:	2021-08-31T00:00:00
db:	NVD	id:	CVE-2021-22357	date:	2021-08-30T16:25:11.197

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-100798	date:	2021-12-20T00:00:00
db:	VULMON	id:	CVE-2021-22357	date:	2021-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-011011	date:	2022-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1353	date:	2021-05-21T00:00:00
db:	NVD	id:	CVE-2021-22357	date:	2021-08-23T20:15:14.197