CVE-2021-22312

moderate-risk

Published 2021-04-08

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Ips Module Firmware

Ngfw Module Firmware

Secospace Usg6300 Firmware

Secospace Usg6500 Firmware

Secospace Usg6600 Firmware

Usg9500 Firmware

Affected Vendors

Huawei

References (2)

Vendor Advisory https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memory...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 24/34 · High