PT-2021-14986 · Huawei · S5700+4
Published
2021-05-12
·
Updated
2021-08-30
·
CVE-2021-22357
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Huawei S12700 versions V200R013C00SPC500 through V200R019C00SPC500
Huawei S5700 versions V200R013C00SPC500 through V200R019C00SPC500
Huawei S6700 versions V200R013C00SPC500 through V200R019C00SPC500
Huawei S7700 versions V200R013C00SPC500 through V200R019C00SPC500
Description:
There is a denial of service issue in Huawei products. A module cannot handle specific messages due to insufficient input validation. Attackers can exploit this by sending specific messages to the affected module, causing denial of service.
Recommendations:
For Huawei S12700 versions V200R013C00SPC500 through V200R019C00SPC500, update to a version that includes the fix for this issue.
For Huawei S5700 versions V200R013C00SPC500 through V200R019C00SPC500, update to a version that includes the fix for this issue.
For Huawei S6700 versions V200R013C00SPC500 through V200R019C00SPC500, update to a version that includes the fix for this issue.
For Huawei S7700 versions V200R013C00SPC500 through V200R019C00SPC500, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the affected module until a patch is available.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
S12700
S5700
S6700
S7700