Strix
26.1K

CVE-2021-22321

MEDIUMCVSS 5.3/10EPSS 0.71%

Last modified

CVE-2021-22321 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
0.71%

49.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiNip6300 Firmwarev500r001c30
HuaweiNip6300 Firmwarev500r001c60
HuaweiNip6600 Firmwarev500r001c30
HuaweiNip6800 Firmwarev500r001c60
HuaweiS12700 Firmwarev200r007c01
HuaweiS12700 Firmwarev200r007c01b102
HuaweiS12700 Firmwarev200r008c00
HuaweiS12700 Firmwarev200r010c00
HuaweiS12700 Firmwarev200r010c00spc300
HuaweiS12700 Firmwarev200r011c00
HuaweiS12700 Firmwarev200r011c00spc100
HuaweiS12700 Firmwarev200r011c10
HuaweiS1700 Firmwarev200r009c00spc200
HuaweiS1700 Firmwarev200r009c00spc500
HuaweiS1700 Firmwarev200r010c00
HuaweiS1700 Firmwarev200r010c00spc300
HuaweiS1700 Firmwarev200r011c00
HuaweiS1700 Firmwarev200r011c00spc100
HuaweiS1700 Firmwarev200r011c10
HuaweiS2700 Firmwarev200r008c00
HuaweiS2700 Firmwarev200r010c00
HuaweiS2700 Firmwarev200r010c00spc300
HuaweiS2700 Firmwarev200r011c00
HuaweiS2700 Firmwarev200r011c00spc100
HuaweiS2700 Firmwarev200r011c10
HuaweiS5700 Firmwarev200r008c00
HuaweiS5700 Firmwarev200r010c00
HuaweiS5700 Firmwarev200r010c00spc300
HuaweiS5700 Firmwarev200r011c00
HuaweiS5700 Firmwarev200r011c00spc100
HuaweiS5700 Firmwarev200r011c10
HuaweiS5700 Firmwarev200r011c10spc100
HuaweiS6700 Firmwarev200r008c00
HuaweiS6700 Firmwarev200r010c00
HuaweiS6700 Firmwarev200r010c00spc300
HuaweiS6700 Firmwarev200r011c00
HuaweiS6700 Firmwarev200r011c00spc100
HuaweiS6700 Firmwarev200r011c10
HuaweiS6700 Firmwarev200r011c10spc100
HuaweiS7700 Firmwarev200r008c00
HuaweiS7700 Firmwarev200r010c00
HuaweiS7700 Firmwarev200r010c00spc300
HuaweiS7700 Firmwarev200r011c00
HuaweiS7700 Firmwarev200r011c00spc100
HuaweiS7700 Firmwarev200r011c10
HuaweiS9700 Firmwarev200r007c01
HuaweiS9700 Firmwarev200r007c01b102
HuaweiS9700 Firmwarev200r008c00
HuaweiS9700 Firmwarev200r010c00
HuaweiS9700 Firmwarev200r010c00spc300

Showing 50 of 61 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-22321?
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
How severe is CVE-2021-22321?
CVE-2021-22321 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.
How do I fix CVE-2021-22321?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-22321?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST