CVE-2021-22312

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg9500
Vendor: CVE Published:; 8 April 2021

Summary

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Affected Version(s)

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R005C00SPC100,V500R005C00SPC200

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Jan 5, 2021