CVE-2021-22383

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 64.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ecns280 TD Firmware Huawei Ese620x Vess Firmware

Timeline

PublishedJun 22

Latest updateMay 24

Description

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/ese620x_vess_firmwarev100r001c10spc200, v100r001c20spc200, v200r001c00spc300+2

▶NVDhuawei/ecns280_td_firmwarev100r005c10

🔴Vulnerability Details

GHSA

GHSA-6cwc-pxwm-p422: There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300↗2022-05-24

▶

CVEList

CVE-2021-22383: There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300↗2021-06-22

▶