CVE-2021-22312

CWE-401Memory Leak3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Huawei Ips6000e FirmwareHuawei IPS Module FirmwareHuawei Ngfw Module Firmware+9 more
Timeline
PublishedApr 8
Latest updateMay 24

Description

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

NVDhuawei/ngfw_module_firmwarev500r005c00spc100, v500r005c00spc200+1
NVDhuawei/ips_module_firmwarev500r005c00spc100, v500r005c00spc200+1

🔴Vulnerability Details

2
GHSA
GHSA-5r7x-c359-rj25: There is a memory leak vulnerability in some Huawei products2022-05-24
CVEList
CVE-2021-22312: There is a memory leak vulnerability in some Huawei products2021-04-08