CVE-2021-22356

CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 78.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei IPS Module Firmware Huawei Ngfw Module Firmware Huawei Secospace Usg6300 Firmware +3 more

Timeline

PublishedNov 23

Latest updateNov 24

Description

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R0…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶NVDhuawei/ngfw_module_firmwarev500r005c00spc100, v500r005c00spc200+1

▶NVDhuawei/secospace_usg6300_firmware5 versions+4

▶NVDhuawei/secospace_usg6500_firmware5 versions+4

▶NVDhuawei/secospace_usg6600_firmware5 versions+4

▶NVDhuawei/ips_module_firmwarev500r005c00spc100, v500r005c00spc200+1

🔴Vulnerability Details

GHSA

GHSA-hj8f-mh7g-pc82: There is a weak secure algorithm vulnerability in Huawei products↗2021-11-24

▶

CVEList

CVE-2021-22356: There is a weak secure algorithm vulnerability in Huawei products↗2021-11-23

▶