PT-2021-7549 · Huawei · Huawei NIP6600 +11
Published: 2021-10-20 · Updated: 2021-10-28 · CVE-2021-37129
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Huawei IPS Module versions V500R005C00 through V500R005C20
Huawei NGFW Module version V500R005C00
Huawei NIP6600 versions V500R005C00 through V500R005C20
Huawei S12700 versions V200R010C00SPC600 through V200R020C10
Huawei S1700 versions V200R010C00SPC600 through V200R011C10SPC600
Huawei S2700 versions V200R010C00SPC600 through V200R011C10SPC600
Huawei S5700 versions V200R010C00SPC600 through V200R019C00SPC500
Huawei S6700 versions V200R010C00SPC600 through V200R011C10SPC600
Huawei S7700 versions V200R010C00SPC600 through V200R011C10SPC600
Huawei S9700 versions V200R010C00SPC600 through V200R011C10SPC600
Huawei USG9500 versions V500R005C00 through V500R005C20
Description
The issue is caused by a function of a module that does not properly verify the input parameter, leading to an out-of-bounds write vulnerability. Successful exploitation could cause an out-of-bounds write, resulting in a denial of service condition. This can be achieved by sending specially crafted NETCONF packets to the device.
Recommendations
For Huawei IPS Module versions V500R005C00 through V500R005C20, update to a fixed version.
For Huawei NGFW Module version V500R005C00, update to a fixed version.
For Huawei NIP6600 versions V500R005C00 through V500R005C20, update to a fixed version.
For Huawei S12700 versions V200R010C00SPC600 through V200R020C10, update to a fixed version.
For Huawei S1700 versions V200R010C00SPC600 through V200R011C10SPC600, update to a fixed version.
For Huawei S2700 versions V200R010C00SPC600 through V200R011C10SPC600, update to a fixed version.
For Huawei S5700 versions V200R010C00SPC600 through V200R019C00SPC500, update to a fixed version.
For Huawei S6700 versions V200R010C00SPC600 through V200R011C10SPC600, update to a fixed version.
For Huawei S7700 versions V200R010C00SPC600 through V200R011C10SPC600, update to a fixed version.
For Huawei S9700 versions V200R010C00SPC600 through V200R011C10SPC600, update to a fixed version.
For Huawei USG9500 versions V500R005C00 through V500R005C20, update to a fixed version.
As a temporary workaround, consider disabling the vulnerable module until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the input parameter in the affected module until the issue is resolved.
Fix
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Huawei IPS Module
Huawei NGFW Module
Huawei NIP6600
Huawei S12700
Huawei S1700
Huawei S2700
Huawei S5700
Huawei S6700
Huawei S7700
Huawei S9700
Huawei USG9500
Huawei VRP