CVE-2021-22342

CWE-20Improper Input Validation3 documents3 sources
Severity
4.9MEDIUM
EPSS
0.1%
top 66.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei IPS Module FirmwareHuawei Ngfw Module FirmwareHuawei Semg9811 Firmware+1 more
Timeline
PublishedJun 22
Latest updateMay 24

Description

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

NVDhuawei/ngfw_module_firmwarev500r005c00, v500r005c10, v500r005c20+2
NVDhuawei/ips_module_firmwarev500r005c00, v500r005c10, v500r005c20+2
NVDhuawei/usg9500_firmware9 versions+8
NVDhuawei/semg9811_firmwarev500r005c00

🔴Vulnerability Details

2
GHSA
GHSA-cx6q-ff8w-2x9m: There is an information leak vulnerability in Huawei products2022-05-24
CVEList
CVE-2021-22342: There is an information leak vulnerability in Huawei products2021-06-22
CVE-2021-22342 (MEDIUM CVSS 4.9) | There is an information leak vulner | cvebase.io