CVE-2021-39995

{"id": "CVE-2021-39995", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-11-29T16:15:07.447", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300."}, {"lang": "es", "value": "Algunos productos de Huawei usan el software OpenHpi para la administraci\u00f3n del hardware. Una funci\u00f3n que analiza los datos devueltos por OpenHpi contiene una vulnerabilidad de lectura fuera de l\u00edmites que podr\u00eda conllevar a una denegaci\u00f3n de servicio. Las versiones de producto afectadas son: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300"}], "lastModified": "2024-11-21T06:20:42.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849"}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1"}, {"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}