CVE-2021-22338

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ecns280
Vendor: CVE Published:; 29 June 2021

Summary

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service.

Affected Version(s)

eCNS280 V100R005C00,V100R005C10

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Jan 5, 2021