CVE-2021-39995 — MEDIUM (6.5)

Vulnerability Description

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ecns280 Td Firmware	v100r005c10
Huawei	Ecns280 Td	-
Huawei	Ese620X Vess Firmware	v100r001c10spc200
Huawei	Ese620X Vess	-

Related Weaknesses (CWE)

CWE-125

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-enVendor Advisory

FAQ

What is CVE-2021-39995?

CVE-2021-39995 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of servi...

How severe is CVE-2021-39995?

CVE-2021-39995 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39995?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ecns280 Td Firmware, Huawei Ecns280 Td, Huawei Ese620X Vess Firmware, Huawei Ese620X Vess.