Cyber Resilience

CVE-2021-22321

Medium

Published: 22 March 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0021 (43.2th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-22321 is a medium-severity Use After Free (CWE-416) vulnerability in Huawei S12700 Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks at the 43.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected products include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700, S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

huawei nip6300 firmware: v500r001c30, v500r001c60
huawei nip6600 firmware: v500r001c30
huawei nip6800 firmware: v500r001c60
huawei s12700 firmware: v200r007c01, v200r007c01b102, v200r008c00, v200r010c00, v200r010c00spc300
huawei s1700 firmware: v200r009c00spc200, v200r009c00spc500, v200r010c00, v200r010c00spc300, v200r011c00
huawei s2700 firmware: v200r008c00, v200r010c00, v200r010c00spc300, v200r011c00, v200r011c00spc100
huawei s5700 firmware: v200r008c00, v200r010c00, v200r010c00spc300, v200r011c00, v200r011c00spc100
huawei s6700 firmware: v200r008c00, v200r010c00, v200r010c00spc300, v200r011c00, v200r011c00spc100
huawei s7700 firmware: v200r008c00, v200r010c00, v200r010c00spc300, v200r011c00, v200r011c00spc100
huawei s9700 firmware: v200r007c01, v200r007c01b102, v200r008c00, v200r010c00, v200r010c00spc300
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-416

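Non-executable pages and ASLR block or significantly hinder use-after-free exploits that aim for arbitrary code execution. They do not remove the underlying memory error, so the service disruption described for this CVE (availability impact in the CVSS vector, A:L) is not addressed by these controls.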
