Weak Secure Algorithm in Huawei Products Exposes Information Leaks
CVE-2021-22356

5.9MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg9500
Vendor: CVE Published:; 23 November 2021

What is CVE-2021-22356?

Huawei products suffer from a vulnerability due to the use of a weak secure algorithm in specific modules. This vulnerability allows attackers to exploit the communication messages exchanged between devices. By capturing and analyzing these messages, they can potentially access confidential information, leading to serious information leaks. The affected products encompass a wide range of IPS, NGFW, and Secospace USG modules across different versions, highlighting the need for immediate mitigation measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R005C00SPC100,V500R005C00SPC200

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jan 5, 2021

JSON

Huawei

What is CVE-2021-22356?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.