CVE-2021-22366 - OpenCVE

There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ese620x Vess Ese620x Vess Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:::::::*
	cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:::::::*

cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-06-22T17:56:42

Updated: 2024-08-03T18:44:12.250Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22366

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-22T18:15:08.040

Modified: 2021-06-29T15:55:19.280

Link: CVE-2021-22366

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eSE620X vESS", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS)."}], "problemTypes": [{"descriptions": [{"description": "Out-of-Bounds Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T17:56:42", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22366", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eSE620X vESS", "version": {"version_data": [{"version_value": "V100R001C10SPC200,V100R001C20SPC200,V200R001C00SPC300"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-Bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:12.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22366", "datePublished": "2021-06-22T17:56:42", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:44:12.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*", "matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. La vulnerabilidad es debido a que una funci\u00f3n que maneja un mensaje interno contiene una vulnerabilidad de lectura fuera de l\u00edmites. Un atacante podr\u00eda dise\u00f1ar mensajes entre los procesos del sistema, una explotaci\u00f3n con \u00e9xito podr\u00eda causar una Denegaci\u00f3n de Servicio (DoS)"}], "id": "CVE-2021-22366", "lastModified": "2021-06-29T15:55:19.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-22T18:15:08.040", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-03-dos-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}