CVE-2021-22342

Name of the Vulnerable Software and Affected Versions Huawei IPS Module versions V500R005C00 through V500R005C20 Huawei NGFW Module versions V500R005C00 through V500R005C20 Huawei SeMG9811 version V500R005C00 Huawei USG9500 versions V500R001C00 through V500R001C80, V500R005C00 through V500R005C20

Description The issue is related to insufficient input validation in a module, which can be exploited by high-privilege attackers to leak information. This can be achieved by performing specific operations. The vulnerability exists due to inadequate checking of input data, allowing a remote attacker to disclose protected information.

Recommendations For Huawei IPS Module versions V500R005C00 through V500R005C20, consider restricting access to the vulnerable module to minimize the risk of exploitation. For Huawei NGFW Module versions V500R005C00 through V500R005C20, avoid using the vulnerable module until a fix is available. For Huawei SeMG9811 version V500R005C00, temporarily disable the vulnerable function to prevent information leak. For Huawei USG9500 versions V500R001C00 through V500R001C80, V500R005C00 through V500R005C20, restrict the use of the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.