CVE-2021-22366

Name of the Vulnerable Software and Affected Versions: eSE620X vESS versions V100R001C10SPC200 through V200R001C00SPC300

Description: The issue is caused by a function handling internal messages that contains an out-of-bounds read. An attacker could craft messages between system processes, and a successful exploit could cause a Denial of Service (DoS).

Recommendations: For versions V100R001C10SPC200, V100R001C20SPC200, and V200R001C00SPC300, consider disabling the function that handles internal messages as a temporary workaround until a patch is available. Restrict access to system processes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.