Information Leak in Huawei Network Security Products
CVE-2021-22342

4.9MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;semg9811;usg9500
Vendor: CVE Published:; 22 June 2021

Summary

An information leak vulnerability exists in several Huawei network security products, where specific inputs are not adequately handled. This flaw allows attackers with high privileges to exploit the vulnerability through various operations, potentially leading to sensitive information exposure. The issue impacts various versions of the IPS Module, NGFW Module, SeMG9811, and USG9500 series.

Affected Version(s)

IPS Module;NGFW Module;SeMG9811;USG9500 V500R005C00,V500R005C10,V500R005C20

IPS Module;NGFW Module;SeMG9811;USG9500 V500R005C00

IPS Module;NGFW Module;SeMG9811;USG9500 V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10,V500R005C20

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2021
Vulnerability Reserved
Jan 5, 2021