Details of VAR-202108-0293

ID

VAR-202108-0293

CVE

CVE-2021-22328

TITLE

plural huawei Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-011010

DESCRIPTION

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. plural huawei There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch of China's Huawei (Huawei) company. Huawei CloudEngine 6800 is a 6800 series of 10 Gigabit Ethernet switches for data centers from China's Huawei

Trust: 2.25

sources: NVD: CVE-2021-22328 // JVNDB: JVNDB-2021-011010 // CNVD: CNVD-2021-84885 // VULMON: CVE-2021-22328

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-84885

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 5800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 7800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c00spc800	scope:	eq	version:	7800	Trust: 0.6

sources: CNVD: CNVD-2021-84885 // JVNDB: JVNDB-2021-011010 // NVD: CVE-2021-22328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22328
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22328
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-84885
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-1908
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-22328
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22328
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-84885
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22328
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22328
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-84885 // VULMON: CVE-2021-22328 // JVNDB: JVNDB-2021-011010 // CNNVD: CNNVD-202108-1908 // NVD: CVE-2021-22328

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011010 // NVD: CVE-2021-22328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1908

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1908

PATCH

title:	huawei-sa-20210407-01-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en	Trust: 0.8
title:	Patch for Denial of service vulnerabilities in multiple Huawei CloudEngine products	url:	https://www.cnvd.org.cn/patchInfo/show/297516	Trust: 0.6
title:	Huawei CloudEngine 6800 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161013	Trust: 0.6

sources: CNVD: CNVD-2021-84885 // JVNDB: JVNDB-2021-011010 // CNNVD: CNNVD-202108-1908

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22328	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-011010	Trust: 0.8
db:	CNVD	id:	CNVD-2021-84885	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1908	Trust: 0.6
db:	VULMON	id:	CVE-2021-22328	Trust: 0.1

sources: CNVD: CNVD-2021-84885 // VULMON: CVE-2021-22328 // JVNDB: JVNDB-2021-011010 // CNNVD: CNNVD-202108-1908 // NVD: CVE-2021-22328

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22328	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-84885 // VULMON: CVE-2021-22328 // JVNDB: JVNDB-2021-011010 // CNNVD: CNNVD-202108-1908 // NVD: CVE-2021-22328

SOURCES

db:	CNVD	id:	CNVD-2021-84885
db:	VULMON	id:	CVE-2021-22328
db:	JVNDB	id:	JVNDB-2021-011010
db:	CNNVD	id:	CNNVD-202108-1908
db:	NVD	id:	CVE-2021-22328

LAST UPDATE DATE

2024-08-14T14:37:58.247000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-84885	date:	2021-11-08T00:00:00
db:	VULMON	id:	CVE-2021-22328	date:	2021-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-011010	date:	2022-07-14T06:10:00
db:	CNNVD	id:	CNNVD-202108-1908	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-22328	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-84885	date:	2021-11-08T00:00:00
db:	VULMON	id:	CVE-2021-22328	date:	2021-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-011010	date:	2022-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-1908	date:	2021-08-23T00:00:00
db:	NVD	id:	CVE-2021-22328	date:	2021-08-23T20:15:13.613