CVE-2021-22309

CWE-330 CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 64.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Usg9500 Firmware Huawei Usg9520 Firmware Huawei Usg9560 Firmware +1 more

Timeline

PublishedMar 22

Latest updateMay 24

Description

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/usg9500_firmwarev500r001c30spc200, v500r001c60spc500, v500r005c00spc200+2

▶NVDhuawei/usg9520_firmwarev500r005c00

▶NVDhuawei/usg9560_firmwarev500r005c00

▶NVDhuawei/usg9580_firmwarev500r005c00

🔴Vulnerability Details

GHSA

GHSA-3fcq-hfv4-xfg4: There is insecure algorithm vulnerability in Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22309: There is insecure algorithm vulnerability in Huawei products↗2021-03-22

▶