Memory leak in Huawei products - CVE-2021-22312
Published: February 11, 2021
Vulnerability identifier: #VU50647
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-22312
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei IPS Module
Huawei NGFW Module
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Huawei IPS Module
Huawei NGFW Module
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Detailed vulnerability description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak. A remote authenticated attacker can force the application to leak memory and perform denial of service attack.
How to mitigate CVE-2021-22312
Install updates from vendor's website.