CVE-2021-22309

7.5HIGH

Key Information:

Vendor: Huawei
Status: Usg9500,usg9520,usg9560,usg9580
Vendor: CVE Published:; 22 March 2021

Summary

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

Affected Version(s)

USG9500,USG9520,USG9560,USG9580 V500R001C30SPC200,V500R001C60SPC500,V500R005C00SPC200

USG9500,USG9520,USG9560,USG9580 V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2021
Vulnerability Reserved
Jan 5, 2021