Use-After-Free Vulnerability in Huawei Networking Products
CVE-2021-22321

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Nip6600;nip6800;s12700;s1700;s2700;s5700;s6700;s7700;s9700;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg9500
Vendor: CVE Published:; 22 March 2021

Summary

A use-after-free vulnerability exists in specific Huawei networking products, where certain modules fail to handle particular operations correctly under unique conditions. This flaw allows attackers to exploit the vulnerability by executing malicious operations, which can lead to memory corruption and the potential compromise of normal service operations. Affected products encompass various series, including NIP6300, NIP6600, S1700, S2700, and several others in their networking range.

Affected Version(s)

NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30,V500R001C60

NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30

NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C60

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2021
Vulnerability Reserved
Jan 5, 2021