CVE-2021-37129

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:::::::*
	cpe:2.3:o:huawei:ips_module_firmware:v500r005c20:::::::*

cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:::::::*
	cpe:2.3:o:huawei:nip6600_firmware:v500r005c20:::::::*

cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:s12700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r011c10spc600:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r013c00spc500:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc200:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc500:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r019c10spc200:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r020c00:::::::*
	cpe:2.3:o:huawei:s12700_firmware:v200r020c10:::::::*

cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:huawei:s1700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s1700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s1700_firmware:v200r011c10spc600:::::::*

cpe:2.3:h:huawei:s1700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:huawei:s2700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s2700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s2700_firmware:v200r011c10spc600:::::::*

cpe:2.3:h:huawei:s2700:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:s5700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r010c00spc700:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r011c10spc600:::::::*
	cpe:2.3:o:huawei:s5700_firmware:v200r019c00spc500:::::::*

cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:s6700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s6700_firmware:v200r011c10spc600:::::::*

cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:huawei:s7700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r010c00spc700:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s7700_firmware:v200r011c10spc600:::::::*

cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:huawei:s9700_firmware:v200r010c00spc600:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r011c10spc500:::::::*
	cpe:2.3:o:huawei:s9700_firmware:v200r011c10spc600:::::::*

cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:::::::*
	cpe:2.3:o:huawei:usg9500_firmware:v500r005c20:::::::*

cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*

History

28 Oct 2021, 17:04

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-787
References	~~(MISC) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en -~~	(MISC) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en - Vendor Advisory
CPE		cpe:2.3:o:huawei:nip6600_firmware:v500r005c20:::::::* cpe:2.3:o:huawei:s1700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r019c10spc200:::::::* cpe:2.3:o:huawei:s5700_firmware:v200r019c00spc500:::::::* cpe:2.3:h:huawei:nip6600:-:::::::* cpe:2.3:o:huawei:s2700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:s5700_firmware:v200r011c10spc500:::::::* cpe:2.3:h:huawei:s6700:-:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc500:::::::* cpe:2.3:h:huawei:s7700:-:::::::* cpe:2.3:h:huawei:s1700:-:::::::* cpe:2.3:h:huawei:s9700:-:::::::* cpe:2.3:o:huawei:ips_module_firmware:v500r005c20:::::::* cpe:2.3:o:huawei:s9700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s1700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:s5700_firmware:v200r010c00spc700:::::::* cpe:2.3:o:huawei:s9700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r020c10:::::::* cpe:2.3:o:huawei:ngfw_module_firmware:v500r005c00:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:s7700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r010c00spc600:::::::* cpe:2.3:o:huawei:s7700_firmware:v200r010c00spc700:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r020c00:::::::* cpe:2.3:o:huawei:s5700_firmware:v200r011c10spc600:::::::* cpe:2.3:h:huawei:ngfw_module:-:::::::* cpe:2.3:o:huawei:s1700_firmware:v200r010c00spc600:::::::* cpe:2.3:h:huawei:ips_module:-:::::::* cpe:2.3:o:huawei:s7700_firmware:v200r010c00spc600:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r013c00spc500:::::::* cpe:2.3:h:huawei:usg9500:-:::::::* cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r019c00spc200:::::::* cpe:2.3:o:huawei:s9700_firmware:v200r010c00spc600:::::::* cpe:2.3:o:huawei:s6700_firmware:v200r010c00spc600:::::::* cpe:2.3:o:huawei:s12700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s7700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:s6700_firmware:v200r011c10spc600:::::::* cpe:2.3:o:huawei:usg9500_firmware:v500r005c20:::::::* cpe:2.3:h:huawei:s2700:-:::::::* cpe:2.3:o:huawei:s2700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s5700_firmware:v200r010c00spc600:::::::* cpe:2.3:o:huawei:s6700_firmware:v200r011c10spc500:::::::* cpe:2.3:o:huawei:s2700_firmware:v200r010c00spc600:::::::* cpe:2.3:h:huawei:s5700:-:::::::* cpe:2.3:o:huawei:ips_module_firmware:v500r005c00:::::::* cpe:2.3:o:huawei:nip6600_firmware:v500r005c00:::::::* cpe:2.3:h:huawei:s12700:-:::::::*

27 Oct 2021, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-27 01:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-37129

Mitre link : CVE-2021-37129

CVE.ORG link : CVE-2021-37129

JSON object : View

Products Affected

huawei

s5700
s6700
nip6600
s9700_firmware
s12700_firmware
s12700
usg9500_firmware
ips_module
s2700_firmware
ngfw_module
s7700
ngfw_module_firmware
usg9500
s1700_firmware
s2700
ips_module_firmware
s5700_firmware
s7700_firmware
s6700_firmware
s1700
s9700
nip6600_firmware

CWE

CWE-787

Out-of-bounds Write

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-37129

7.5^/10

5.0^/10

Attach tags to `CVE-2021-37129`