CVE-2021-22321

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-22321
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-uaf-en Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:nip6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:nip6800_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r007c01b102:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s12700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:huawei:s1700_firmware:v200r009c00spc200:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r009c00spc500:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s1700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s1700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:huawei:s2700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s2700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s2700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s2700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s2700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s2700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s5700_firmware:v200r011c10spc100:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s6700_firmware:v200r011c10spc100:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s7700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r007c01b102:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r010c00spc300:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r011c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r011c00spc100:*:*:*:*:*:*:*
cpe:2.3:o:huawei:s9700_firmware:v200r011c10:*:*:*:*:*:*:*
cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*
cpe:2.3:o:huawei:usg9500_firmware:v500r001c60:*:*:*:*:*:*:*
cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*
Information

Published : 2021-03-22 13:15

Updated : 2021-03-24 13:32

NVD link : CVE-2021-22321

Mitre link : CVE-2021-22321

JSON object : View

CWE
CWE-416

Use After Free

Advertisement

dedicated server usa
Products Affected

huawei

  • usg9500
  • s9700
  • s1700_firmware
  • s6700_firmware
  • s12700_firmware
  • s5700_firmware
  • usg9500_firmware
  • secospace_usg6600_firmware
  • s1700
  • s2700
  • s2700_firmware
  • s6700
  • s7700
  • nip6600_firmware
  • s12700
  • secospace_usg6300_firmware
  • nip6600
  • s9700_firmware
  • secospace_usg6500
  • secospace_usg6600
  • nip6300
  • nip6800
  • s5700
  • nip6800_firmware
  • secospace_usg6500_firmware
  • nip6300_firmware
  • secospace_usg6300
  • s7700_firmware