CVE-2021-39995

CWE-125: Out-of-bounds Read
3 documents, 3 sources

Severity: 6.5 MEDIUM
EPSS: 0.2% (top 62.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 29; Latest update Nov 30

Description

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: huawei/ese620x_vess_firmware v100r001c10spc200, v100r001c20spc200, v200r001c00spc300 +2

🔴 Vulnerability Details (2)

GHSA: GHSA-mjvc-frcm-6323: Some Huawei products use the OpenHpi software for hardware management (2021-11-30)
CVEList: CVE-2021-39995: Some Huawei products use the OpenHpi software for hardware management (2021-11-29)