CVE-2021-22411

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ngfw Module Firmware Huawei Secospace Usg6300 Firmware Huawei Secospace Usg6500 Firmware +2 more

Timeline

PublishedMay 27

Latest updateMay 24

Description

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module.Affected product versions include: NGFW Module versions V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDhuawei/ngfw_module_firmwarev500r005c00spc100, v500r005c00spc200+1

▶NVDhuawei/secospace_usg6300_firmware5 versions+4

▶NVDhuawei/secospace_usg6500_firmware5 versions+4

▶NVDhuawei/secospace_usg6600_firmware5 versions+4

▶NVDhuawei/usg9500_firmwarev500r001c60spc500, v500r005c00spc100, v500r005c00spc200+2

🔴Vulnerability Details

GHSA

GHSA-5x37-hw27-2w3v: There is an out-of-bounds write vulnerability in some Huawei products↗2022-05-24

▶

CVEList

CVE-2021-22411: There is an out-of-bounds write vulnerability in some Huawei products↗2021-05-27

▶