Memory Leak Vulnerability in Huawei Network Security Products
CVE-2021-22312

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg9500
Vendor: CVE Published:; 8 April 2021

Summary

A memory leak vulnerability exists in multiple Huawei network products. An authenticated remote attacker can exploit this flaw by sending specially crafted messages, which prevents proper memory deallocation. This exploitation can lead to abnormal service behavior, adversely affecting the performance and reliability of impacted devices like the IPS Module and several Secospace USG models.

Affected Version(s)

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R005C00SPC100,V500R005C00SPC200

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Jan 5, 2021