CVE-2021-22321

CWE-416 — Use After Free3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 56.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nip6300 Firmware Huawei Nip6600 Firmware Huawei Nip6800 Firmware +11 more

Timeline

PublishedMar 22

Latest updateMay 24

Description

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages14 packages

▶NVDhuawei/secospace_usg6300_firmwarev500r001c30, v500r001c60+1

▶NVDhuawei/secospace_usg6500_firmwarev500r001c30, v500r001c60+1

▶NVDhuawei/secospace_usg6600_firmwarev500r001c30, v500r001c60+1

▶NVDhuawei/s1700_firmware7 versions+6

▶NVDhuawei/s2700_firmware6 versions+5

🔴Vulnerability Details

GHSA

GHSA-p3qf-gvrh-m63f: There is a use-after-free vulnerability in a Huawei product↗2022-05-24

▶

CVEList

CVE-2021-22321: There is a use-after-free vulnerability in a Huawei product↗2021-03-22

▶