CVE-2021-22309
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.
Se presenta una vulnerabilidad de algoritmo no seguro en unos productos Huawei. Un módulo usa una entrada poco aleatoria en un mecanismo seguro. Unos atacantes pueden explotar esta vulnerabilidad mediante fuerza bruta para obtener mensajes confidenciales. Esto puede conllevar a un filtrado de información. Las versiones de producto afectadas incluyen: USG9500 versiones V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200; USG9520 versiones V500R005C00; USG9560 versiones V500R005C00; USG9580 versiones V500R005C00
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-05 CVE Reserved
- 2021-03-22 CVE Published
- 2023-12-06 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210202-01-fw-en | 2022-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware" | v500r001c30spc200 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r001c30spc200" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9500 Search vendor "Huawei" for product "Usg9500" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware" | v500r001c60spc500 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r001c60spc500" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9500 Search vendor "Huawei" for product "Usg9500" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9500 Firmware Search vendor "Huawei" for product "Usg9500 Firmware" | v500r005c00spc200 Search vendor "Huawei" for product "Usg9500 Firmware" and version "v500r005c00spc200" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9500 Search vendor "Huawei" for product "Usg9500" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9520 Firmware Search vendor "Huawei" for product "Usg9520 Firmware" | v500r005c00 Search vendor "Huawei" for product "Usg9520 Firmware" and version "v500r005c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9520 Search vendor "Huawei" for product "Usg9520" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9560 Firmware Search vendor "Huawei" for product "Usg9560 Firmware" | v500r005c00 Search vendor "Huawei" for product "Usg9560 Firmware" and version "v500r005c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9560 Search vendor "Huawei" for product "Usg9560" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Usg9580 Firmware Search vendor "Huawei" for product "Usg9580 Firmware" | v500r005c00 Search vendor "Huawei" for product "Usg9580 Firmware" and version "v500r005c00" | - |
Affected
| in | Huawei Search vendor "Huawei" | Usg9580 Search vendor "Huawei" for product "Usg9580" | - | - |
Safe
|