Denial of Service Vulnerability in Huawei Network Modules
CVE-2021-22320

7.5HIGH

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;nip6600;nip6800;secospace Usg6300;secospace Usg6500;secospace Usg6600
Vendor: CVE Published:; 22 March 2021

Summary

A vulnerability exists in Huawei's network products, which allows attackers to exploit improper handling of specific messages by certain modules. By sending crafted malicious messages to an affected module, an attacker can trigger a denial of service condition, resulting in potential disruption and unavailability of the affected services. This vulnerability affects several Huawei network modules, including the IPS Module and various models within the Secospace series, potentially impacting network performance and security.

Affected Version(s)

IPS Module;NGFW Module;NIP6600;NIP6800;Secospace USG6300;Secospace USG6500;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200,V500R005C20SPC300

IPS Module;NGFW Module;NIP6600;NIP6800;Secospace USG6300;Secospace USG6500;Secospace USG6600 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200,V500R005C20SPC300,V500R005C20SPC500

IPS Module;NGFW Module;NIP6600;NIP6800;Secospace USG6300;Secospace USG6500;Secospace USG6600 V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200,V500R005C20SPC300,V500R005C20SPC500

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2021
Vulnerability Reserved
Jan 5, 2021