CVE-2021-37129 — HIGH (7.5)

Vulnerability Description

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ips Module Firmware	v500r005c00
Huawei	Ips Module	-
Huawei	Ngfw Module Firmware	v500r005c00
Huawei	Ngfw Module	-
Huawei	Nip6600 Firmware	v500r005c00
Huawei	Nip6600	-
Huawei	S12700 Firmware	v200r010c00spc600
Huawei	S12700	-
Huawei	S1700 Firmware	v200r010c00spc600
Huawei	S1700	-
Huawei	S2700 Firmware	v200r010c00spc600
Huawei	S2700	-
Huawei	S5700 Firmware	v200r010c00spc600
Huawei	S5700	-
Huawei	S6700 Firmware	v200r010c00spc600
Huawei	S6700	-
Huawei	S7700 Firmware	v200r010c00spc600
Huawei	S7700	-
Huawei	S9700 Firmware	v200r010c00spc600
Huawei	S9700	-

Related Weaknesses (CWE)

CWE-787

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwVendor Advisory

FAQ

What is CVE-2021-37129?

CVE-2021-37129 is a vulnerability with a CVSS score of 7.5 (HIGH). There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cau...

How severe is CVE-2021-37129?

CVE-2021-37129 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-37129?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ips Module Firmware, Huawei Ips Module, Huawei Ngfw Module Firmware, Huawei Ngfw Module, Huawei Nip6600 Firmware.