CVE-2021-39995 - OpenCVE

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Ecns280 Td Ese620x Vess Firmware Ecns280 Td Firmware Ese620x Vess

Configuration 1 [-]

AND

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:::::::*

cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2021-11-29T15:34:09

Updated: 2021-11-29T15:34:09

Reserved: 2021-08-23T00:00:00

Link: CVE-2021-39995

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-29T16:15:07.447

Modified: 2021-11-30T20:08:19.907

Link: CVE-2021-39995

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "eCNS280_TD;eSE620X vESS", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R005C10"}, {"status": "affected", "version": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300."}], "problemTypes": [{"descriptions": [{"description": "Possible Out-Of-Bounds Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-29T15:34:09", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-39995", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eCNS280_TD;eSE620X vESS", "version": {"version_data": [{"version_value": "V100R005C10"}, {"version_value": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Possible Out-Of-Bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-39995", "datePublished": "2021-11-29T15:34:09", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2021-11-29T15:34:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*", "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300."}, {"lang": "es", "value": "Algunos productos de Huawei usan el software OpenHpi para la administraci\u00f3n del hardware. Una funci\u00f3n que analiza los datos devueltos por OpenHpi contiene una vulnerabilidad de lectura fuera de l\u00edmites que podr\u00eda conllevar a una denegaci\u00f3n de servicio. Las versiones de producto afectadas son: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300"}], "id": "CVE-2021-39995", "lastModified": "2021-11-30T20:08:19.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-29T16:15:07.447", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}