CVE-2021-22365
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.
Se presenta una vulnerabilidad de lectura fuera de límites en eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. Un atacante local puede explotar esta vulnerabilidad mediante el envío de un mensaje específico al dispositivo de destino. Debido a la insuficiente comprobación del mensaje interno, una explotación con éxito puede causar el proceso y el servicio anormal
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-05 CVE Reserved
- 2021-06-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-02-outbounds-en | 2021-06-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Huawei Search vendor "Huawei" | Ese620x Vess Firmware Search vendor "Huawei" for product "Ese620x Vess Firmware" | v100r001c10spc200 Search vendor "Huawei" for product "Ese620x Vess Firmware" and version "v100r001c10spc200" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ese620x Vess Search vendor "Huawei" for product "Ese620x Vess" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Ese620x Vess Firmware Search vendor "Huawei" for product "Ese620x Vess Firmware" | v100r001c20spc200 Search vendor "Huawei" for product "Ese620x Vess Firmware" and version "v100r001c20spc200" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ese620x Vess Search vendor "Huawei" for product "Ese620x Vess" | - | - |
Safe
|
| Huawei Search vendor "Huawei" | Ese620x Vess Firmware Search vendor "Huawei" for product "Ese620x Vess Firmware" | v200r001c00spc300 Search vendor "Huawei" for product "Ese620x Vess Firmware" and version "v200r001c00spc300" | - |
Affected
| in | Huawei Search vendor "Huawei" | Ese620x Vess Search vendor "Huawei" for product "Ese620x Vess" | - | - |
Safe
|