CVE-2021-22292 - OpenCVE

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ecns280 Ecns280 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:ecns280_firmware:v100r005c00:::::::*
	cpe:2.3:o:huawei:ecns280_firmware:v100r005c10:::::::*

cpe:2.3:h:huawei:ecns280:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-02-06T02:09:20

Updated: 2024-08-03T18:37:18.504Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22292

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-06T03:15:12.720

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-22292

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eCNS280", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R005C00"}, {"status": "affected", "version": "V100R005C10"}]}], "descriptions": [{"lang": "en", "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-06T02:09:20", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22292", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eCNS280", "version": {"version_data": [{"version_value": "V100R005C00"}, {"version_value": "V100R005C10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.504Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22292", "datePublished": "2021-02-06T02:09:20", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:37:18.504Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "576F98F8-B0AB-4D3F-B1EC-65FD12C91A79", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c10:*:*:*:*:*:*:*", "matchCriteriaId": "375D7506-5F13-4CAA-800F-6C73ADEBF2E7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280:-:*:*:*:*:*:*:*", "matchCriteriaId": "35F2A8E0-6BF8-4F16-9E44-B05B8FE72FDC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en eCNS280 versiones V100R005C00, V100R005C10. Debido a un defecto de dise\u00f1o, atacantes remotos no autorizados env\u00edan una gran cantidad de mensajes espec\u00edficos a unos dispositivos afectados, causando un agotamiento de los recursos del sistema y una denegaci\u00f3n de servicio de la aplicaci\u00f3n web"}], "id": "CVE-2021-22292", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-06T03:15:12.720", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}