Denial of service in Some Huawei Products



Published: 2021-10-21

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU57581

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-37129

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Huawei IPS Module: V500R005C00 - V500R005C20

Huawei NGFW Module: V500R005C00

Huawei NIP6600: V500R005C00 - V500R005C20

Huawei S12700: V200R010C00SPC600 - V200R020C10

Huawei S1700: V200R010C00SPC600 - V200R011C10SPC600

Huawei S2700: V200R010C00SPC600 - V200R011C10SPC600

Huawei S5700: V200R010C00SPC600 - V200R019C00SPC500

Huawei S6700: V200R010C00SPC600 - V200R011C10SPC600

Huawei S7700: V200R010C00SPC600 - V200R011C10SPC600

Huawei S9700: V200R010C00SPC600 - V200R011C10SPC600

USG9500: V500R005C00 - V500R005C20


External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en
