CVE-2021-22383

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).

CVSS v3 4.9 MEDIUM
CVSS v2.0 6.8 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:::::::*

cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:50

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en - Vendor Advisory~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en - Vendor Advisory

Information

Published : 2021-06-22 19:15

Updated : 2024-11-21 05:50

NVD link : CVE-2021-22383

Mitre link : CVE-2021-22383

CVE.ORG link : CVE-2021-22383

JSON object : View

Products Affected

huawei

ecns280_td_firmware
ese620x_vess
ese620x_vess_firmware
ecns280_td

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2021-22383", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-06-22T19:15:08.057", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en eCNS280_TD V100R005C10 y eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. La vulnerabilidad es debido a una funci\u00f3n message-handling que contiene una vulnerabilidad de lectura fuera de l\u00edmites. Un atacante puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al dispositivo de destino, lo que podr\u00eda causar una Denegaci\u00f3n de Servicio (DoS)"}], "lastModified": "2024-11-21T05:50:01.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849"}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1"}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}