Out-of-Bounds Read Vulnerability in Huawei OpenHpi Software
CVE-2021-39995

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Ecns280 Td;ese620x Vess
Vendor: CVE Published:; 29 November 2021

What is CVE-2021-39995?

An out-of-bounds read vulnerability has been identified in certain Huawei products using OpenHpi software for hardware management. This flaw occurs in a function that processes data returned from OpenHpi, potentially allowing attackers to trigger a denial of service. Affected products include specific versions of eCNS280_TD and eSE620X. Users are encouraged to implement available patches to mitigate risks associated with this vulnerability.

Affected Version(s)

eCNS280_TD;eSE620X vESS V100R005C10

eCNS280_TD;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2021
Vulnerability Reserved
Aug 23, 2021