CVE-2021-22309 - Vulnerability Details

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Usg9500 Usg9500 Firmware Usg9520 Usg9520 Firmware Usg9560 Usg9560 Firmware Usg9580 Usg9580 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00spc200:::::::*

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:usg9520_firmware:v500r005c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:usg9560_firmware:v500r005c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:usg9580_firmware:v500r005c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210202-01-fw-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-03-22T17:42:50

Updated: 2024-08-03T18:37:18.480Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22309

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-22T18:15:14.433

Modified: 2024-11-21T05:49:53.087

Link: CVE-2021-22309

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object