Cyber Resilience

CVE-2021-22342

Medium

Published: 22 June 2021

Published
22 June 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0014 33.7th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-22342 is a medium-severity an unspecified weakness vulnerability in Huawei Usg9500 Firmware. Its CVSS base score is 4.9 (Medium).

Operationally, ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS…

more

Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

huawei
ips module firmware
v500r005c00, v500r005c10, v500r005c20
huawei
ngfw module firmware
v500r005c00, v500r005c10, v500r005c20
huawei
semg9811 firmware
v500r005c00
huawei
usg9500 firmware
v500r001c00, v500r001c20, v500r001c30, v500r001c50, v500r001c60

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References