CVE-2021-37129

HIGH | CVSS 7.5/10 | EPSS 0.66%

CVE-2021-37129 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. There is an out-of-bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify an input parameter. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

There is an out-of-bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify an input parameter. Successful exploitation could cause an out-of-bounds write, leading to a denial of service condition. Affected product versions include: IPS Module V500R005C00, V500R005C20; NGFW Module V500R005C00; NIP6600 V500R005C00, V500R005C20; S12700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600, V200R013C00SPC500, V200R019C00SPC200, V200R019C00SPC500, V200R019C10SPC200, V200R020C00, V200R020C10; S1700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S2700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S5700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600, V200R019C00SPC500; S6700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S7700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600; S9700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; USG9500 V500R005C00, V500R005C20.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.66%

46.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Huawei | Ips Module Firmware | v500r005c00
Huawei | Ips Module Firmware | v500r005c20
Huawei | Ngfw Module Firmware | v500r005c00
Huawei | Nip6600 Firmware | v500r005c00
Huawei | Nip6600 Firmware | v500r005c20
Huawei | S12700 Firmware | v200r010c00spc600
Huawei | S12700 Firmware | v200r011c10spc500
Huawei | S12700 Firmware | v200r011c10spc600
Huawei | S12700 Firmware | v200r013c00spc500
Huawei | S12700 Firmware | v200r019c00spc200
Huawei | S12700 Firmware | v200r019c00spc500
Huawei | S12700 Firmware | v200r019c10spc200
Huawei | S12700 Firmware | v200r020c00
Huawei | S12700 Firmware | v200r020c10
Huawei | S1700 Firmware | v200r010c00spc600
Huawei | S1700 Firmware | v200r011c10spc500
Huawei | S1700 Firmware | v200r011c10spc600
Huawei | S2700 Firmware | v200r010c00spc600
Huawei | S2700 Firmware | v200r011c10spc500
Huawei | S2700 Firmware | v200r011c10spc600
Huawei | S5700 Firmware | v200r010c00spc600
Huawei | S5700 Firmware | v200r010c00spc700
Huawei | S5700 Firmware | v200r011c10spc500
Huawei | S5700 Firmware | v200r011c10spc600
Huawei | S5700 Firmware | v200r019c00spc500
Huawei | S6700 Firmware | v200r010c00spc600
Huawei | S6700 Firmware | v200r011c10spc500
Huawei | S6700 Firmware | v200r011c10spc600
Huawei | S7700 Firmware | v200r010c00spc600
Huawei | S7700 Firmware | v200r010c00spc700
Huawei | S7700 Firmware | v200r011c10spc500
Huawei | S7700 Firmware | v200r011c10spc600
Huawei | S9700 Firmware | v200r010c00spc600
Huawei | S9700 Firmware | v200r011c10spc500
Huawei | S9700 Firmware | v200r011c10spc600
Huawei | Usg9500 Firmware | v500r005c00
Huawei | Usg9500 Firmware | v500r005c20

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-37129?
There is an out-of-bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify an input parameter. Successful exploitation could cause an out-of-bounds write, leading to a denial of service condition. Affected product versions include: IPS Module V500R005C00, V500R005C20; NGFW Module V500R005C00; NIP6600 V500R005C00, V500R005C20; S12700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600, V200R013C00SPC500, V200R019C00SPC200, V200R019C00SPC500, V200R019C10SPC200, V200R020C00, V200R020C10; S1700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S2700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S5700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600, V200R019C00SPC500; S6700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S7700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600; S9700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; USG9500 V500R005C00, V500R005C20.
How severe is CVE-2021-37129?
CVE-2021-37129 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.
How do I fix CVE-2021-37129?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST