Details of VAR-202111-1479

ID

VAR-202111-1479

CVE

CVE-2021-39995

TITLE

eCNS280_TD and eSE620X vESS Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015537

DESCRIPTION

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. eCNS280_TD and eSE620X vESS Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Huawei ESE620X vESS is a virtual enterprise service controller. eCNS280_TD is the core network equipment of the wireless broadband trunking system

Trust: 2.16

sources: NVD: CVE-2021-39995 // JVNDB: JVNDB-2021-015537 // CNVD: CNVD-2021-93832

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-93832

AFFECTED PRODUCTS

vendor:	huawei	model:	ese620x vess	scope:	eq	version:	v100r001c20spc200	Trust: 1.0
vendor:	huawei	model:	ese620x vess	scope:	eq	version:	v100r001c10spc200	Trust: 1.0
vendor:	huawei	model:	ecns280 td	scope:	eq	version:	v100r005c10	Trust: 1.0
vendor:	huawei	model:	ese620x vess	scope:	eq	version:	v200r001c00spc300	Trust: 1.0
vendor:	huawei	model:	ecns280 td	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ese620x vess	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	ecns280 td v100r005c10	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ese620x vess v100r001c10spc200	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ese620x vess v100r001c20spc200	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	ese620x vess v200r001c00spc300	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-93832 // JVNDB: JVNDB-2021-015537 // NVD: CVE-2021-39995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-39995
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-39995
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-93832
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-2093
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-39995
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-93832
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-39995
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-39995
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-93832 // JVNDB: JVNDB-2021-015537 // CNNVD: CNNVD-202111-2093 // NVD: CVE-2021-39995

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015537 // NVD: CVE-2021-39995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2093

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202111-2093

PATCH

title:	huawei-sa-20211124-03-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en	Trust: 0.8
title:	Patch for Multiple Huawei products out-of-bounds read vulnerabilities (CNVD-2021-93832)	url:	https://www.cnvd.org.cn/patchInfo/show/301911	Trust: 0.6
title:	Huawei eCNS280_TD Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172376	Trust: 0.6

sources: CNVD: CNVD-2021-93832 // JVNDB: JVNDB-2021-015537 // CNNVD: CNNVD-202111-2093

EXTERNAL IDS

db:	NVD	id:	CVE-2021-39995	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-015537	Trust: 0.8
db:	CNVD	id:	CNVD-2021-93832	Trust: 0.6
db:	CS-HELP	id:	SB2021112501	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-2093	Trust: 0.6

sources: CNVD: CNVD-2021-93832 // JVNDB: JVNDB-2021-015537 // CNNVD: CNNVD-202111-2093 // NVD: CVE-2021-39995

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-39995	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021112501	Trust: 0.6

sources: CNVD: CNVD-2021-93832 // JVNDB: JVNDB-2021-015537 // CNNVD: CNNVD-202111-2093 // NVD: CVE-2021-39995

SOURCES

db:	CNVD	id:	CNVD-2021-93832
db:	JVNDB	id:	JVNDB-2021-015537
db:	CNNVD	id:	CNNVD-202111-2093
db:	NVD	id:	CVE-2021-39995

LAST UPDATE DATE

2024-08-14T14:37:49.220000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-93832	date:	2021-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-015537	date:	2022-11-24T05:02:00
db:	CNNVD	id:	CNNVD-202111-2093	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-39995	date:	2021-11-30T20:08:19.907

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-93832	date:	2021-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-015537	date:	2022-11-24T00:00:00
db:	CNNVD	id:	CNNVD-202111-2093	date:	2021-11-25T00:00:00
db:	NVD	id:	CVE-2021-39995	date:	2021-11-29T16:15:07.447