← Back

CVE-2021-22309

nvd nist
Published: Mar 22, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.

Affected (6)

Huawei
4 products
Usg9500 Firmware
Usg9520 Firmware
Usg9560 Firmware
Usg9580 Firmware
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Huawei
Usg9500 Firmware
Version v500r001c30spc200
Usg9500 Firmware
Version v500r001c60spc500
Usg9500 Firmware
Version v500r005c00spc200
Running on/withPlatform Versions
Huawei
Usg9500
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg9520 Firmware
Version v500r005c00
Running on/withPlatform Versions
Huawei
Usg9520
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg9560 Firmware
Version v500r005c00
Running on/withPlatform Versions
Huawei
Usg9560
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg9580 Firmware
Version v500r005c00
Running on/withPlatform Versions
Huawei
Usg9580
All versions

Related CWEs

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.