Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-22321
HistoryMar 22, 2021 - 8:15 p.m.

CVE-2021-22321

2021-03-2220:15:17
CWE-416
[email protected]
web.nvd.nist.gov
36
2
huawei
product vulnerability
use-after-free
memory
nip6300
nip6600
nip6800
s1700
s2700
s5700
s6700
s7700
s9700
secospace usg6300
secospace usg6500
secospace usg6600
usg9500
nvd
cve-2021-22321

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.7%

JSON

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Affected configurations

NVD
Node
huaweinip6300_firmwareMatchv500r001c30
OR
huaweinip6300_firmwareMatchv500r001c60
AND
huaweinip6300Match-
Node
huaweinip6600_firmwareMatchv500r001c30
AND
huaweinip6600Match-
Node
huaweinip6800_firmwareMatchv500r001c60
AND
huaweinip6800Match-
Node
huaweis12700_firmwareMatchv200r007c01
OR
huaweis12700_firmwareMatchv200r007c01b102
OR
huaweis12700_firmwareMatchv200r008c00
OR
huaweis12700_firmwareMatchv200r010c00
OR
huaweis12700_firmwareMatchv200r010c00spc300
OR
huaweis12700_firmwareMatchv200r011c00
OR
huaweis12700_firmwareMatchv200r011c00spc100
OR
huaweis12700_firmwareMatchv200r011c10
AND
huaweis12700Match-
Node
huaweis1700_firmwareMatchv200r009c00spc200
OR
huaweis1700_firmwareMatchv200r009c00spc500
OR
huaweis1700_firmwareMatchv200r010c00
OR
huaweis1700_firmwareMatchv200r010c00spc300
OR
huaweis1700_firmwareMatchv200r011c00
OR
huaweis1700_firmwareMatchv200r011c00spc100
OR
huaweis1700_firmwareMatchv200r011c10
AND
huaweis1700Match-
Node
huaweis2700_firmwareMatchv200r008c00
OR
huaweis2700_firmwareMatchv200r010c00
OR
huaweis2700_firmwareMatchv200r010c00spc300
OR
huaweis2700_firmwareMatchv200r011c00
OR
huaweis2700_firmwareMatchv200r011c00spc100
OR
huaweis2700_firmwareMatchv200r011c10
AND
huaweis2700Match-
Node
huaweis5700_firmwareMatchv200r008c00
OR
huaweis5700_firmwareMatchv200r010c00
OR
huaweis5700_firmwareMatchv200r010c00spc300
OR
huaweis5700_firmwareMatchv200r011c00
OR
huaweis5700_firmwareMatchv200r011c00spc100
OR
huaweis5700_firmwareMatchv200r011c10
OR
huaweis5700_firmwareMatchv200r011c10spc100
AND
huaweis5700Match-
Node
huaweis6700_firmwareMatchv200r008c00
OR
huaweis6700_firmwareMatchv200r010c00
OR
huaweis6700_firmwareMatchv200r010c00spc300
OR
huaweis6700_firmwareMatchv200r011c00
OR
huaweis6700_firmwareMatchv200r011c00spc100
OR
huaweis6700_firmwareMatchv200r011c10
OR
huaweis6700_firmwareMatchv200r011c10spc100
AND
huaweis6700Match-
Node
huaweis7700_firmwareMatchv200r008c00
OR
huaweis7700_firmwareMatchv200r010c00
OR
huaweis7700_firmwareMatchv200r010c00spc300
OR
huaweis7700_firmwareMatchv200r011c00
OR
huaweis7700_firmwareMatchv200r011c00spc100
OR
huaweis7700_firmwareMatchv200r011c10
AND
huaweis7700Match-
Node
huaweis9700_firmwareMatchv200r007c01
OR
huaweis9700_firmwareMatchv200r007c01b102
OR
huaweis9700_firmwareMatchv200r008c00
OR
huaweis9700_firmwareMatchv200r010c00
OR
huaweis9700_firmwareMatchv200r010c00spc300
OR
huaweis9700_firmwareMatchv200r011c00
OR
huaweis9700_firmwareMatchv200r011c00spc100
OR
huaweis9700_firmwareMatchv200r011c10
AND
huaweis9700Match-
Node
huaweisecospace_usg6300_firmwareMatchv500r001c30
OR
huaweisecospace_usg6300_firmwareMatchv500r001c60
AND
huaweisecospace_usg6300Match-
Node
huaweisecospace_usg6500_firmwareMatchv500r001c30
OR
huaweisecospace_usg6500_firmwareMatchv500r001c60
AND
huaweisecospace_usg6500Match-
Node
huaweisecospace_usg6600_firmwareMatchv500r001c30
OR
huaweisecospace_usg6600_firmwareMatchv500r001c60
AND
huaweisecospace_usg6600Match-
Node
huaweiusg9500_firmwareMatchv500r001c30
OR
huaweiusg9500_firmwareMatchv500r001c60
AND
huaweiusg9500Match-

CNA Affected

[
  {
    "product": "NIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30,V500R001C60"
      },
      {
        "status": "affected",
        "version": "V500R001C30"
      },
      {
        "status": "affected",
        "version": "V500R001C60"
      },
      {
        "status": "affected",
        "version": "V200R007C01,V200R007C01B102,V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
      },
      {
        "status": "affected",
        "version": "V200R009C00SPC200,V200R009C00SPC500,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
      },
      {
        "status": "affected",
        "version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10"
      },
      {
        "status": "affected",
        "version": "V200R008C00,V200R010C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100"
      }
    ]
  }
]

Social References

More

Related

prion 1
huawei 1
cvelist 1
openvas 1
nvd 1
prion
prion
Design/Logic Flaw
2021-03-22 20:15:00
huawei
huawei
Security Advisory - Use After Free Vulnerability in Huawei Product
2021-02-10 00:00:00
cvelist
cvelist
CVE-2021-22321
2021-03-22 19:03:52
openvas
openvas
Huawei Data Communication: Use After Free Vulnerability in Huawei Product (huawei-sa-20210210-01-uaf)
2021-03-29 00:00:00
nvd
nvd
CVE-2021-22321
2021-03-22 20:15:17

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

39.7%

JSON
Related for CVE-2021-22321
prion1huawei1cvelist1openvas1nvd1