Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20211124-03-DOS
HistoryNov 24, 2021 - 12:00 a.m.

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Some Huawei Products

2021-11-2400:00:00
Huawei Technologies
www.huawei.com
14
security advisory
openhpi software
hardware management
out-of-bounds read
denial of service
vulnerability
huawei products
software updates
common vulnerabilities and exposures
cve-2021-39995
hwpsirt-2020-00938

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. (Vulnerability ID: HWPSIRT-2020-00938)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-39995.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en&gt;

Affected configurations

Vulners
Node
huaweiecns280_td_firmwareMatchv100r005c10
OR
huaweiese620x_vess_firmwareMatchv100r001c10spc200
OR
huaweiese620x_vess_firmwareMatchv100r001c20spc200
OR
huaweiese620x_vess_firmwareMatchv200r001c00spc300
VendorProductVersionCPE
huaweiecns280_td_firmwarev100r005c10cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev100r001c10spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev100r001c20spc200cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*
huaweiese620x_vess_firmwarev200r001c00spc300cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*

Related

cvelist 1
cve 1
nvd 1
prion 1
cnvd 1
cvelist
cvelist
CVE-2021-39995
2021-11-29 15:34:09
cve
cve
CVE-2021-39995
2021-11-29 16:15:07
nvd
nvd
CVE-2021-39995
2021-11-29 16:15:07
prion
prion
Out-of-bounds
2021-11-29 16:15:00
cnvd
cnvd
Out-of-bounds read vulnerability in multiple Huawei products (CNVD-2021-93832)
2021-11-29 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON
Related for HUAWEI-SA-20211124-03-DOS
cvelist1cve1nvd1prion1cnvd1