Strix
26.1K

CVE-2021-22411

MEDIUMCVSS 6.5/10EPSS 0.58%

Last modified

CVE-2021-22411 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. EPSS estimates a 0.58% chance of exploitation in the next 30 days.

Description

There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module.Affected product versions include: NGFW Module versions V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;USG9500 versions V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.58%

43.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiNgfw Module Firmwarev500r005c00spc100
HuaweiNgfw Module Firmwarev500r005c00spc200
HuaweiSecospace Usg6300 Firmwarev500r001c30spc200
HuaweiSecospace Usg6300 Firmwarev500r001c30spc600
HuaweiSecospace Usg6300 Firmwarev500r001c60spc500
HuaweiSecospace Usg6300 Firmwarev500r005c00spc100
HuaweiSecospace Usg6300 Firmwarev500r005c00spc200
HuaweiSecospace Usg6500 Firmwarev500r001c30spc200
HuaweiSecospace Usg6500 Firmwarev500r001c30spc600
HuaweiSecospace Usg6500 Firmwarev500r001c60spc500
HuaweiSecospace Usg6500 Firmwarev500r005c00spc100
HuaweiSecospace Usg6500 Firmwarev500r005c00spc200
HuaweiSecospace Usg6600 Firmwarev500r001c30spc200
HuaweiSecospace Usg6600 Firmwarev500r001c30spc600
HuaweiSecospace Usg6600 Firmwarev500r001c60spc500
HuaweiSecospace Usg6600 Firmwarev500r005c00spc100
HuaweiSecospace Usg6600 Firmwarev500r005c00spc200
HuaweiUsg9500 Firmwarev500r001c60spc500
HuaweiUsg9500 Firmwarev500r005c00spc100
HuaweiUsg9500 Firmwarev500r005c00spc200

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-22411?
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service of the module.Affected product versions include: NGFW Module versions V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200;USG9500 versions V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200.
How severe is CVE-2021-22411?
CVE-2021-22411 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.58% probability of exploitation in the next 30 days.
How do I fix CVE-2021-22411?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-22411?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST