1. Home
  2. CVE Database
  3. CVE-2021-22411
MEDIUM · 6.5

CVE-2021-22411

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activiti...

Vulnerability Description

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module.Affected product versions include: NGFW Module versions V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;USG9500 versions V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiNgfw Module Firmwarev500r005c00spc100
HuaweiNgfw Module-
HuaweiSecospace Usg6300 Firmwarev500r001c30spc200
HuaweiSecospace Usg6300-
HuaweiSecospace Usg6500 Firmwarev500r001c30spc200
HuaweiSecospace Usg6500-
HuaweiSecospace Usg6600 Firmwarev500r001c30spc200
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c60spc500
HuaweiUsg9500-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2021-22411?

CVE-2021-22411 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activiti...

How severe is CVE-2021-22411?

CVE-2021-22411 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22411?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Secospace Usg6300 Firmware, Huawei Secospace Usg6300, Huawei Secospace Usg6500 Firmware.