Sign-up

ID

VAR-202110-1287


CVE

CVE-2021-37129


TITLE

plural  Huawei  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-014145

DESCRIPTION

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20. plural Huawei The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. Huawei Ngfw Module is a firewall module of China's Huawei (Huawei) company. Huawei IPS Module is an intrusion prevention system (IPS) module of China's Huawei (Huawei) company. Huawei S5700, Huawei S12700, Huawei S2700 and Huawei S6700 are all enterprise-class switch products of China's Huawei (Huawei)

Trust: 2.16

sources: NVD: CVE-2021-37129 // JVNDB: JVNDB-2021-014145 // CNVD: CNVD-2021-83543

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-83543

AFFECTED PRODUCTS

vendor:huaweimodel:s2700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r019c10spc200

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r019c00spc500

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r010c00spc700

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r010c00spc700

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r005c20

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r020c00

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r005c20

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r020c10

Trust: 1.0

vendor:huaweimodel:s1700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s5700scope:eqversion:v200r019c00spc500

Trust: 1.0

vendor:huaweimodel:s6700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r005c20

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r019c00spc200

Trust: 1.0

vendor:huaweimodel:ngfw modulescope:eqversion:v500r005c00

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:ips modulescope:eqversion:v500r005c00

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r010c00spc600

Trust: 1.0

vendor:huaweimodel:nip6600scope:eqversion:v500r005c00

Trust: 1.0

vendor:huaweimodel:s2700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s7700scope:eqversion:v200r011c10spc600

Trust: 1.0

vendor:huaweimodel:s9700scope:eqversion:v200r011c10spc500

Trust: 1.0

vendor:huaweimodel:s12700scope:eqversion:v200r013c00spc500

Trust: 1.0

vendor:huaweimodel:ngfw modulescope: - version: -

Trust: 0.8

vendor:huaweimodel:ips modulescope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:nip6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s1700scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg9500scope: - version: -

Trust: 0.8

vendor:huaweimodel:s2700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s6700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:usg9500 v500r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ips module v500r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ips module v500r005c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r005c20scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r013c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r019c00spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r019c00spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r019c10spc200scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r020c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:s12700 v200r020c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s1700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s2700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r010c00spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s5700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s6700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r010c00spc700scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s7700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r010c00spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r011c10spc500scope: - version: -

Trust: 0.6

vendor:huaweimodel:s9700 v200r011c10spc600scope: - version: -

Trust: 0.6

vendor:huaweimodel:usg9500 v500r005c20scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-83543 // JVNDB: JVNDB-2021-014145 // NVD: CVE-2021-37129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37129
value: HIGH

Trust: 1.0

NVD: CVE-2021-37129
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-83543
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-1063
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-37129
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-83543
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-37129
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37129
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-83543 // JVNDB: JVNDB-2021-014145 // CNNVD: CNNVD-202110-1063 // NVD: CVE-2021-37129

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014145 // NVD: CVE-2021-37129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1063

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1063

PATCH

title:huawei-sa-20211020-01-outofwriteurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en

Trust: 0.8

title:Patch for Multiple Huawei products out-of-bounds writing vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/296301

Trust: 0.6

title:Huawei Ngfw Module Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167816

Trust: 0.6

sources: CNVD: CNVD-2021-83543 // JVNDB: JVNDB-2021-014145 // CNNVD: CNNVD-202110-1063

EXTERNAL IDS

db:NVDid:CVE-2021-37129

Trust: 3.8

db:JVNDBid:JVNDB-2021-014145

Trust: 0.8

db:CNVDid:CNVD-2021-83543

Trust: 0.6

db:CS-HELPid:SB2021102123

Trust: 0.6

db:CNNVDid:CNNVD-202110-1063

Trust: 0.6

sources: CNVD: CNVD-2021-83543 // JVNDB: JVNDB-2021-014145 // CNNVD: CNNVD-202110-1063 // NVD: CVE-2021-37129

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-37129

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-cn

Trust: 1.2

url:https://www.cybersecurity-help.cz/vdb/sb2021102123

Trust: 0.6

sources: CNVD: CNVD-2021-83543 // JVNDB: JVNDB-2021-014145 // CNNVD: CNNVD-202110-1063 // NVD: CVE-2021-37129

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202110-1063

SOURCES

db:CNVDid:CNVD-2021-83543
db:JVNDBid:JVNDB-2021-014145
db:CNNVDid:CNNVD-202110-1063
db:NVDid:CVE-2021-37129

LAST UPDATE DATE

2024-08-14T14:25:09.293000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-83543date:2021-11-03T00:00:00
db:JVNDBid:JVNDB-2021-014145date:2022-10-06T04:50:00
db:CNNVDid:CNNVD-202110-1063date:2021-11-02T00:00:00
db:NVDid:CVE-2021-37129date:2021-10-28T17:04:45.680

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-83543date:2021-10-18T00:00:00
db:JVNDBid:JVNDB-2021-014145date:2022-10-06T00:00:00
db:CNNVDid:CNNVD-202110-1063date:2021-10-15T00:00:00
db:NVDid:CVE-2021-37129date:2021-10-27T01:15:07.763