Weak Secure Algorithm in Huawei Products Exposes Information Leaks
CVE-2021-22356

5.9MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module;ngfw Module;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg9500
Vendor: CVE Published:; 23 November 2021

Summary

Huawei products suffer from a vulnerability due to the use of a weak secure algorithm in specific modules. This vulnerability allows attackers to exploit the communication messages exchanged between devices. By capturing and analyzing these messages, they can potentially access confidential information, leading to serious information leaks. The affected products encompass a wide range of IPS, NGFW, and Secospace USG modules across different versions, highlighting the need for immediate mitigation measures.

Affected Version(s)

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R005C00SPC100,V500R005C00SPC200

IPS Module;NGFW Module;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jan 5, 2021