Insecure Algorithm Vulnerability in Huawei USG9500, USG9520, USG9560, USG9580 Products
CVE-2021-22309
7.5HIGH
Summary
Huawei products exhibit an insecure algorithm vulnerability where a module implements a secure mechanism with insufficient randomness in its input. This flaw enables attackers to execute brute force attacks, potentially exposing sensitive messages leading to unauthorized information leakage. Affected models include multiple versions of the USG9500, USG9520, USG9560, and USG9580 series, emphasizing the need for immediate patching to mitigate risks and safeguard sensitive data.
Affected Version(s)
USG9500,USG9520,USG9560,USG9580 V500R001C30SPC200,V500R001C60SPC500,V500R005C00SPC200
USG9500,USG9520,USG9560,USG9580 V500R005C00
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved