PT-2021-21524 · Huawei · Cloudengine 7800+4
Published
2021-10-08
·
Updated
2021-10-28
·
CVE-2021-37122
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CloudEngine 12800 versions V200R005C10SPC800 through V200R019C00SPC800
CloudEngine 5800 versions V200R005C10SPC800 through V200R019C00SPC800
CloudEngine 6800 versions V200R005C10SPC800 through V200R019C00SPC800
CloudEngine 7800 versions V200R005C10SPC800 through V200R019C00SPC800
Description
There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service to become abnormal.
Recommendations
For CloudEngine 12800 versions V200R005C10SPC800 through V200R019C00SPC800, update to a version that includes the fix for this issue.
For CloudEngine 5800 versions V200R005C10SPC800 through V200R019C00SPC800, update to a version that includes the fix for this issue.
For CloudEngine 6800 versions V200R005C10SPC800 through V200R019C00SPC800, update to a version that includes the fix for this issue.
For CloudEngine 7800 versions V200R005C10SPC800 through V200R019C00SPC800, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable service to minimize the risk of exploitation.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudengine 12800
Cloudengine 5800
Cloudengine 6800
Cloudengine 7800
Huawei Vrp