1. Home
  2. CVE Database
  3. CVE-2021-22312
MEDIUM · 6.5

CVE-2021-22312

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release th...

Vulnerability Description

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiIps Module Firmwarev500r005c00spc100
HuaweiIps Module-
HuaweiNgfw Module Firmwarev500r005c00spc100
HuaweiNgfw Module-
HuaweiSecospace Usg6300 Firmwarev500r001c30spc200
HuaweiSecospace Usg6300-
HuaweiSecospace Usg6500 Firmwarev500r001c30spc200
HuaweiSecospace Usg6500-
HuaweiSecospace Usg6600 Firmwarev500r001c30spc200
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c30spc200
HuaweiUsg9500-
HuaweiNip6300 Firmwarev500r001c30spc200
HuaweiNip6300-
HuaweiNip6600 Firmwarev500r001c30spc200
HuaweiNip6600-
HuaweiNip6800 Firmwarev500r001c30spc200
HuaweiNip6800-
HuaweiUsg6000E Firmwarev600r006c00
HuaweiUsg6000E-

Related Weaknesses (CWE)

CWE-401

References

FAQ

What is CVE-2021-22312?

CVE-2021-22312 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release th...

How severe is CVE-2021-22312?

CVE-2021-22312 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22312?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ips Module Firmware, Huawei Ips Module, Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Secospace Usg6300 Firmware.