Lucene search
Huawei TechnologiesHUAWEI-SA-20211215-01-LOG4JHistoryDec 15, 2021 - 12:00 a.m.
Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products
2021-12-1500:00:00
Huawei Technologies
www.huawei.com
245
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Some Huawei products are affected by the Apache Log4j2 remote code execution vulnerabilities. The vulnerabilities are caused by a recursive parsing error in some functions of Apache Log4j2. An attacker can construct a malicious request to control log parameters to trigger a remote code execution vulnerability. (Vulnerability ID: HWPSIRT-2021-28415 and HWPSIRT-2021-94301)
The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2021-45046 and CVE-2021-44228.
For products that have released software updates to fix these vulnerabilities, Huawei will release and update this Security Advisory at:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211215-01-log4j-en
](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211215-01-log4j-en>)
Affected configurations
Node
huaweismsgwMatchv100r001c01
ORhuaweismsgwMatchv100r002c11
ORhuaweismsgwMatchv100r003c01
ORhuaweiagile_controller-campusMatchv100r003c60spc202
ORhuaweiagile_controller-campusMatchv100r003c60spc205
ORhuaweiagile_controller-campusMatchv100r003c60spc206
ORhuaweiagile_controller-campusMatchv100r003c60spc207
ORhuaweiagile_controller-campusMatchv100r003c60spc208
ORhuaweiagile_controller-campusMatchv100r003c60spc209
ORhuaweiagile_controller-campusMatchv100r003c60spc210
ORhuaweiagile_controller-campusMatchv100r003c60spc211
ORhuaweiagile_controller-campusMatchv100r003c60spc212
ORhuaweiagile_controller-campusMatchv100r003c60spc213
ORhuaweifusioncomputeMatch6.5.0
ORhuaweifusioncomputeMatch6.5.1
ORhuaweifusioncomputeMatch8.0.0
ORhuaweifusioncomputeMatch8.0.1
ORhuaweifusioncomputeMatch8.0.rc2
ORhuaweifusioncomputeMatch8.0.rc3
ORhuaweifusioncomputeMatch8.1.0
ORhuaweifusioncomputeMatch8.1.1
ORhuaweifusioncomputeMatch8.1.rc1
ORhuaweifusioncubeMatch6.0.0
ORhuaweifusioncubeMatch6.0.1
ORhuaweifusioncubeMatch6.0.2
ORhuaweifusioncubeMatch6.0.3
ORhuaweifusioncubeMatch6.0.5
ORhuaweifusioncubeMatch6.0.rc1
ORhuaweifusioncubeMatch6.0.rc2
ORhuaweifusioncubeMatch6.0.rc3
ORhuaweifusioncubeMatch6.0.rc5
ORhuaweifusionstorageMatch7.0.0
ORhuaweifusionstorageMatch7.0.1
ORhuaweigaussdb_200Match6
ORhuaweimanageoneMatch8.0.0
ORhuaweimanageoneMatch8.0.1
ORhuaweimanageoneMatch8.0.2
ORhuaweimanageoneMatch8.0.3
ORhuaweimanageoneMatch8.1.0
ORhuaweinetwork_functions_virtualization_fusionsphereMatch21.3.0spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatch6.5.1spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatch8.0.0spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50spc105spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50spc109spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50spc212spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50spc219spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50spc220spc12
ORhuaweinetwork_functions_virtualization_fusionsphereMatchv100r006c50sph211spc12
ORhuaweioceanstor_5800_v3Matchv300r006c60
ORhuaweioceanstor_replicationdirectorMatchv300r006c20
ORhuaweismc2.0Matchv500r002c00spc900
ORhuaweismc2.0Matchv600r006c00
ORhuaweismc2.0Matchv600r006c10
ORhuaweismc2.0Matchv600r019c00
ORhuaweismc2.0Matchv600r019c10
ORhuaweisoftcoMatchv200r003c50spc500
ORhuaweisoftcoMatchv200r003c50spc600
ORhuaweisoftcoMatchv200r003c50spc700
ORhuaweisoftcoMatchv200r003c50spc800
ORhuaweisoftcoMatchv200r003c50spc900
ORhuaweieapp610Matchv100r006c00
ORhuaweiecns280\[1\]Matchv100r005c10spc200
ORhuaweiecns280\[1\]Matchv100r005c10spc210
ORhuaweiecns280\[1\]Matchv100r005c10spc300
ORhuaweiecns280\[1\]Matchv100r005c10spc310
ORhuaweiecns280\[1\]Matchv100r005c10spc500
ORhuaweiecns280\[1\]Matchv100r005c10spc506
ORhuaweiecns280\[1\]Matchv100r005c10spc516
ORhuaweiecns280\[1\]Matchv100r005c10spc800
ORhuaweiecns280\[1\]Matchv100r005c10spc801
ORhuaweiecns280\[1\]Matchv100r005c10spc802
ORhuaweiecns290\[1\]Matchv100r005c30spc200
ORhuaweiecns290\[1\]Matchv100r005c30spc201
ORhuaweiecns290\[1\]Matchv100r005c30spc202
ORhuaweielogMatchv200r007c10
ORhuaweiese620x_vess\[1\]Matchv100r001c10spc200
ORhuaweiese620x_vess\[1\]Matchv100r001c20spc300
ORhuaweiese620x_vess\[1\]Matchv200r001c00spc360
ORhuaweiespace_desktopMatchv300r001c00spc200
ORhuaweiespace_desktopMatchv300r001c00spc201
ORhuaweiespace_desktopMatchv300r001c00spc202
ORhuaweiespace_desktopMatchv300r001c00spc203
ORhuaweiespace_desktopMatchv300r001c00spc205
ORhuaweiespace_desktopMatchv300r001c00spc206
ORhuaweiespace_desktopMatchv300r001c00spc207
ORhuaweiespace_desktopMatchv300r001c00spc208
ORhuaweiespace_desktopMatchv300r001c00spc209
ORhuaweiespace_desktopMatchv300r001c00spc210
ORhuaweiespace_desktopMatchv300r001c00spc211
ORhuaweiespace_desktopMatchv300r001c00spc212
ORhuaweiespace_desktopMatchv300r001c00spc213
ORhuaweiespace_desktopMatchv300r001c00spc215
ORhuaweiespace_desktopMatchv300r001c00spc216
ORhuaweiespace_desktopMatchv300r001c00spc217
ORhuaweiespace_desktopMatchv300r001c00spc218
ORhuaweiespace_desktopMatchv300r001c00spc219
ORhuaweiespace_desktopMatchv300r001c00spc220
ORhuaweiespace_desktopMatchv300r001c00spc221
ORhuaweiespace_desktopMatchv300r001c00spc222
ORhuaweiespace_desktopMatchv200r003c50spc500
ORhuaweiespace_desktopMatchv200r003c50spc600
ORhuaweiespace_desktopMatchv200r003c50spc700
ORhuaweiespace_desktopMatchv200r003c50spc800
ORhuaweiespace_desktopMatchv200r003c50spc900
ORhuaweiu1911Matchv200r003c50spc500
ORhuaweiu1911Matchv200r003c50spc600
ORhuaweiu1911Matchv200r003c50spc700
ORhuaweiu1911Matchv200r003c50spc800
ORhuaweiu1911Matchv200r003c50spc900
ORhuaweiu1930Matchv200r003c50spc500
ORhuaweiu1930Matchv200r003c50spc600
ORhuaweiu1930Matchv200r003c50spc700
ORhuaweiu1930Matchv200r003c50spc800
ORhuaweiu1930Matchv200r003c50spc900
ORhuaweiu1960Matchv200r003c50spc500
ORhuaweiu1960Matchv200r003c50spc600
ORhuaweiu1960Matchv200r003c50spc700
ORhuaweiu1960Matchv200r003c50spc800
ORhuaweiu1960Matchv200r003c50spc900
ORhuaweiu1980Matchv200r003c50spc500
ORhuaweiu1980Matchv200r003c50spc600
ORhuaweiu1980Matchv200r003c50spc700
ORhuaweiu1980Matchv200r003c50spc800
ORhuaweiu1980Matchv200r003c50spc900
ORhuaweiu1981Matchv200r003c50
ORhuaweiimanager_netecoMatchv600r009c10
ORhuaweiimanager_netecoMatchv600r010c00
ORhuaweiimanager_neteco_6000Matchv600r008c00
ORhuaweiimanager_neteco_6000Matchv600r008c10
ORhuaweiimanager_neteco_6000Matchv600r009c00
ORhuaweiimanager_neteco_6000Matchv600r021c00
ORhuaweiimanager_neteco_6000Matchv600r021c10
ORhuaweiimaster_mae-mMatchv100r020c10
ORhuaweiimaster_mae-mMatchv100r021c10
ORhuaweiimaster_mae-mMatchv100r022c00
Related
nuclei
nuclei
Apache Log4j2 - Remote Code Injection
2021-12-23 15:41:50
fortinet
fortinet
Apache log4j2 log messages substitution (CVE-2021-44228)
2021-12-12 00:00:00
talosblog
talosblog
Quarterly Report: Incident Response Trends in Q2 2022
2022-07-26 14:03:00
ibm
ibm
amazon
amazon
Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk
2021-12-17 17:39:00
Critical: aws-kinesis-agent
2021-12-16 00:11:00
nessus
nessus
FreeBSD : graylog -- remote code execution in log4j from user-controlled log input (650734b2-7665-4170-9a0a-eeced5e10a5e)
2021-12-21 00:00:00
Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)
2021-12-15 00:00:00
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2021-001)
2022-05-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)
2021-12-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5022-1)
2021-12-17 00:00:00
Apache Log4j 2.0.x Multiple Vulnerabilities (UDP, Log4Shell) - Active Check
2021-12-13 00:00:00
redhat
redhat
vmware
vmware
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 11:34:54
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-01-13 03:02:47
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-19 21:39:28
securelist
securelist
CVE-2021-44228 vulnerability in Apache Log4j library
2021-12-13 14:10:21
osv
osv
CVE-2021-45046
2021-12-14 19:15:07
Incomplete fix for Apache Log4j vulnerability
2021-12-14 18:01:28
apache-log4j2 vulnerability
2021-12-15 19:02:14
threatpost
threatpost
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
2021-12-30 16:16:23
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
2021-12-15 14:04:19
mssecure
mssecure
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-15 00:00:00
debiancve
debiancve
CVE-2021-45046
2021-12-14 19:15:07
kitploit
kitploit
cvelist
cvelist
CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
2021-12-14 16:55:09
CVE-2022-33915
2022-06-17 07:01:30
typo3
typo3
Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
2021-12-16 00:00:00
intel
intel
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-19 15:26:08
cisa_kev
cisa_kev
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
2023-05-01 00:00:00
impervablog
impervablog
Log4Shell log4j Remote Code Execution – The COVID of the Internet
2022-01-06 16:41:56
rapid7blog
rapid7blog
How to Protect Your Applications Against Log4Shell With tCell
2021-12-15 14:58:14
f5
f5
K32171392 : Apache Log4j2 vulnerability CVE-2021-45046
2021-12-16 00:00:00
mmpc
mmpc
malwarebytes
malwarebytes
github
github
Remote code injection in Log4j
2021-12-10 00:40:56
Incomplete fix for Apache Log4j vulnerability
2021-12-14 18:01:28
freebsd
freebsd
graylog -- remote code execution in log4j from user-controlled log input
2021-11-14 00:00:00
attackerkb
attackerkb
CVE-2021-45046
2021-12-14 00:00:00
CVE-2021-44228 (Log4Shell)
2022-02-08 00:00:00
CVE-2022-33915
2022-06-17 00:00:00
suse
suse
Security update for log4j (important)
2021-12-17 00:00:00
Security update for log4j (important)
2021-12-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-45046
2021-12-14 00:00:00
debian
debian
[SECURITY] [DSA 5022-1] apache-log4j2 security update
2021-12-16 10:29:17
prion
prion
Default configuration
2021-12-14 19:15:00
thn
thn
nvd
nvd
CVE-2021-45046
2021-12-14 19:15:07
redhatcve
redhatcve
CVE-2021-45046
2022-05-07 14:27:31
cve
cve
CVE-2021-45046
2021-12-14 19:15:07
veracode
veracode
Denial Of Service (DoS)
2021-12-15 00:30:50
fedora
fedora
[SECURITY] Fedora 34 Update: log4j-2.17.0-1.fc34
2021-12-27 00:56:30
avleonov
avleonov
Log4j “Log4Shell” RCE explained (CVE-2021-44228)
2021-12-26 22:07:17
ics
ics
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
2021-12-23 12:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.976 High
EPSS
Percentile
100.0%
Related for HUAWEI-SA-20211215-01-LOG4J