CVE-2021-22328

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-23 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-22328

Mitre link : CVE-2021-22328

CVE.ORG link : CVE-2021-22328

JSON object : View

Products Affected

huawei

cloudengine_6800_firmware
cloudengine_12800
cloudengine_7800_firmware
cloudengine_6800
cloudengine_5800_firmware
cloudengine_7800
cloudengine_5800
cloudengine_12800_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-22328", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-23T20:15:13.613", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en algunos productos de Huawei. En determinados escenarios, debido al manejo inapropiado de los paquetes, un atacante puede dise\u00f1ar el paquete espec\u00edfico. Una explotaci\u00f3n con \u00e9xito puede causar algunos servicios anormales. Las versiones afectadas del producto incluyen: CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800."}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}