Insecure Algorithm Vulnerability in Huawei USG9500, USG9520, USG9560, USG9580 Products
CVE-2021-22309

7.5HIGH

Key Information:

Vendor: Huawei
Status: Usg9500,usg9520,usg9560,usg9580
Vendor: CVE Published:; 22 March 2021

Summary

Huawei products exhibit an insecure algorithm vulnerability where a module implements a secure mechanism with insufficient randomness in its input. This flaw enables attackers to execute brute force attacks, potentially exposing sensitive messages leading to unauthorized information leakage. Affected models include multiple versions of the USG9500, USG9520, USG9560, and USG9580 series, emphasizing the need for immediate patching to mitigate risks and safeguard sensitive data.

Affected Version(s)

USG9500,USG9520,USG9560,USG9580 V500R001C30SPC200,V500R001C60SPC500,V500R005C00SPC200

USG9500,USG9520,USG9560,USG9580 V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2021
Vulnerability Reserved
Jan 5, 2021