CVE-2021-22357

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 60.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei S12700 Firmware Huawei S5700 Firmware Huawei S6700 Firmware +1 more

Timeline

PublishedAug 23

Latest updateMay 24

Description

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/s5700_firmwarev200r013c00spc500, v200r019c00spc500+1

▶NVDhuawei/s6700_firmwarev200r013c00spc500, v200r019c00spc500+1

▶NVDhuawei/s7700_firmwarev200r013c00spc500, v200r019c00spc500+1

▶NVDhuawei/s12700_firmwarev200r013c00spc500, v200r019c00spc500+1

🔴Vulnerability Details

GHSA

GHSA-w9mq-c2pg-qc2x: There is a denial of service vulnerability in Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22357: There is a denial of service vulnerability in Huawei products↗2021-08-23

▶