CVE-2021-22342

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

22/06/2021

Last modified:

28/06/2022

Description

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 4.90 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

4.90

Severity 3.x

MEDIUM

Vector 2.0

AV:N/AC:L/Au:S/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.00 MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

4.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:::::::*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c10:::::::*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c20:::::::*
cpe:2.3:h:huawei:ips_module:-:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c10:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c20:::::::*
cpe:2.3:h:huawei:ngfw_module:-:::::::*
cpe:2.3:o:huawei:semg9811_firmware:v500r005c00:::::::*
cpe:2.3:h:huawei:semg9811:-:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c50:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en

CPE	From	Up to
cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:::::::*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c10:::::::*
cpe:2.3:o:huawei:ips_module_firmware:v500r005c20:::::::*
cpe:2.3:h:huawei:ips_module:-:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c10:::::::*
cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c20:::::::*
cpe:2.3:h:huawei:ngfw_module:-:::::::*
cpe:2.3:o:huawei:semg9811_firmware:v500r005c00:::::::*
cpe:2.3:h:huawei:semg9811:-:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c50:::::::*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:::::::*