PT-2021-15012 · Huawei · Ecns280 Td+2
Published
2021-06-16
·
Updated
2021-06-29
·
CVE-2021-22383
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
eCNS280 TD version V100R005C10
eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, V200R001C00SPC300
Description:
The issue is caused by a message-handling function that contains an out-of-bounds read. An attacker can exploit this by sending a specific message to the target device, potentially causing a Denial of Service (DoS).
Recommendations:
For eCNS280 TD version V100R005C10, update to a version that fixes the out-of-bounds read vulnerability in the message-handling function.
For eSE620X vESS versions V100R001C10SPC200 through V100R001C20SPC200, update to a version that fixes the out-of-bounds read vulnerability in the message-handling function.
For eSE620X vESS version V200R001C00SPC300, update to a version that fixes the out-of-bounds read vulnerability in the message-handling function.
As a temporary workaround, consider restricting the handling of specific messages to minimize the risk of exploitation.
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Ecns280 Td
Ese620X Vess