CVE-2021-22365

Name of the Vulnerable Software and Affected Versions: eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, V200R001C00SPC300 Huawei products (affected versions not specified)

Description: The issue is related to an out of bounds read vulnerability. A local attacker can exploit this by sending a specific message to the target device. The vulnerability is caused by insufficient validation of internal messages. Successful exploitation may cause the process and the service to become abnormal.

Recommendations: For eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, consider restricting access to internal messages until a patch is available. For eSE620X vESS version V200R001C00SPC300, consider implementing additional validation for internal messages to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Huawei products.