CVE-2021-22363

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10spc650:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-22 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-22363

Mitre link : CVE-2021-22363

CVE.ORG link : CVE-2021-22363

JSON object : View

Products Affected

huawei

ecns280_td_firmware
ecns280_td

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2021-22363", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-06-22T19:15:07.920", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de error de administraci\u00f3n de recursos en eCNS280_TD V100R005C10SPC650. Un atacante necesita llevar a cabo operaciones espec\u00edficas para explotar la vulnerabilidad en el dispositivo afectado. Debido a la administraci\u00f3n inapropiada de los recursos de la funci\u00f3n, la vulnerabilidad puede ser explotada para causar un servicio anormal en los dispositivos afectados"}], "lastModified": "2021-06-29T17:25:03.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10spc650:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEF25AB9-70FA-41EB-8F73-555826C493D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}