CVE-2021-22320 — Huawei IPS Module Firmware vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei IPS Module Firmware Huawei Ngfw Module Firmware Huawei Nip6600 Firmware +4 more

Timeline

PublishedMar 22

Latest updateMay 24

Description

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDhuawei/ngfw_module_firmwarev500r005c00spc100, v500r005c00spc200, v500r005c20spc300+2

▶NVDhuawei/ips_module_firmwarev500r005c00spc100, v500r005c00spc200, v500r005c20spc300+2

▶NVDhuawei/secospace_usg6300_firmware7 versions+6

▶NVDhuawei/secospace_usg6500_firmware7 versions+6

▶NVDhuawei/secospace_usg6600_firmware7 versions+6

🔴Vulnerability Details

GHSA

GHSA-8j72-6cmw-672j: There is a denial of service vulnerability in Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22320: There is a denial of service vulnerability in Huawei products↗2021-03-22

▶