PT-2021-14947 · Huawei · Huawei Usg9580+4

Published: 2021-02-02 · Updated: 2022-07-12 · CVE-2021-22309

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Huawei USG9500 versions V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200; Huawei USG9520 version V500R005C00; Huawei USG9560 version V500R005C00; Huawei USG9580 version V500R005C00

Description: A module of the affected Huawei products uses an insecure algorithm: insufficiently random input is used in a secure mechanism. Attackers can exploit the vulnerability by brute forcing, potentially obtaining sensitive messages and causing information leaks.

Recommendations:
Huawei USG9500 versions V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200: consider disabling the affected module until a patch is available.
Huawei USG9520 version V500R005C00: restrict access to the vulnerable mechanism to minimize the risk of exploitation.
Huawei USG9560 version V500R005C00: avoid using the less random input in the secure mechanism until the issue is resolved.
Huawei USG9580 version V500R005C00: as a temporary workaround, consider implementing additional security measures to prevent brute-force attacks until a patch is available.

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2021-22309

Affected Products

Huawei USG9500
Huawei USG9520
Huawei USG9560
Huawei USG9580
Huawei VRP