PT-2021-2657 · Huawei · Huawei Secospace USG6500 +6
Published: 2021-02-10 · Updated: 2021-04-20 · CVE-2021-22312
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Huawei IPS Module (affected versions not specified)
Huawei NGFW Module (affected versions not specified)
Huawei Secospace USG6300 (affected versions not specified)
Huawei Secospace USG6500 (affected versions not specified)
Huawei Secospace USG6600 (affected versions not specified)
Huawei USG9500 (affected versions not specified)
Description
The affected products contain a memory leak caused by improper release of allocated memory. An authenticated remote attacker can exploit the vulnerability by sending a specific message to the affected product, which can cause service abnormalities and may result in a denial of service.
Recommendations
For Huawei IPS Module, update to a version that properly releases allocated memory to prevent service abnormalities.
For Huawei NGFW Module, ensure that all allocated memory is properly released after use to mitigate the risk of service disruption.
For Huawei Secospace USG6300, restrict access to the module until a patch is available that fixes the memory leak issue.
For Huawei Secospace USG6500, consider disabling the affected service temporarily until a fix is applied.
For Huawei Secospace USG6600, apply configuration changes to minimize the impact of the memory leak on system performance.
For Huawei USG9500, as a temporary workaround, consider implementing additional monitoring to quickly identify and respond to service abnormalities caused by the memory leak.
Fix
Use After Free
Memory Leak
Related Identifiers
Affected Products
Huawei IPS Module
Huawei NGFW Module
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
Huawei USG9500
Huawei VRP