CVE-2021-22383 - OpenCVE

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Ecns280 Td Ese620x Vess Firmware Ecns280 Td Firmware Ese620x Vess

Configuration 1 [-]

AND

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:::::::*

cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2021-06-22T18:59:03

Updated: 2021-06-24T11:24:31

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22383

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-22T19:15:08.057

Modified: 2021-06-29T17:47:25.727

Link: CVE-2021-22383

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "eCNS280_TD;eSE620X vESS", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R005C10"}, {"status": "affected", "version": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS)."}], "problemTypes": [{"descriptions": [{"description": "Out-Of-Bounds Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-24T11:24:31", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eCNS280_TD;eSE620X vESS", "version": {"version_data": [{"version_value": "V100R005C10"}, {"version_value": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-Of-Bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22383", "datePublished": "2021-06-22T18:59:03", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2021-06-24T11:24:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*", "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en eCNS280_TD V100R005C10 y eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. La vulnerabilidad es debido a una funci\u00f3n message-handling que contiene una vulnerabilidad de lectura fuera de l\u00edmites. Un atacante puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al dispositivo de destino, lo que podr\u00eda causar una Denegaci\u00f3n de Servicio (DoS)"}], "id": "CVE-2021-22383", "lastModified": "2021-06-29T17:47:25.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-22T19:15:08.057", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210616-01-cgp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}