HIGH🇵🇱 Wersja polska

CVE-2021-22309

CVSS 7.5v3.1pub. 2021-03-22upd. 2024-11-21

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Huawei Usg9500

    HW
    Huawei
    wszystkie wersje
  • Huawei Usg9500 Firmware

    OS
    Huawei
    v500r001c30spc200v500r001c60spc500v500r005c00spc200
  • Huawei Usg9520

    HW
    Huawei
    wszystkie wersje
  • Huawei Usg9520 Firmware

    OS
    Huawei
    v500r005c00
  • Huawei Usg9560

    HW
    Huawei
    wszystkie wersje
  • Huawei Usg9560 Firmware

    OS
    Huawei
    v500r005c00
  • Huawei Usg9580

    HW
    Huawei
    wszystkie wersje
  • Huawei Usg9580 Firmware

    OS
    Huawei
    v500r005c00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-9099CRITICAL9.8ten sam produkt

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Seco...

CVE-2016-4576CRITICAL9.8ten sam produkt

Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NG...

CVE-2021-37129HIGH7.5ten sam produkt

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a functi...

CVE-2020-9213HIGH7.5ten sam produkt

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper...

CVE-2020-1847HIGH7.5ten sam produkt

There is a denial of service vulnerability in some Huawei products. There is no protection against the attack ...