4.9

CVE-2021-22341

There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HuaweiIps Module Firmware Versionv500r005c00spc100
   HuaweiIps Module Version-
HuaweiIps Module Firmware Versionv500r005c00spc200
   HuaweiIps Module Version-
HuaweiNgfw Module Firmware Versionv500r005c00spc100
   HuaweiNgfw Module Version-
HuaweiNgfw Module Firmware Versionv500r005c00spc200
   HuaweiNgfw Module Version-
HuaweiNip6300 Firmware Versionv500r005c00spc100
   HuaweiNip6300 Version-
HuaweiNip6300 Firmware Versionv500r005c10spc200
   HuaweiNip6300 Version-
HuaweiNip6600 Firmware Versionv500r005c00spc100
   HuaweiNip6600 Version-
HuaweiNip6600 Firmware Versionv500r005c00spc200
   HuaweiNip6600 Version-
HuaweiSecospace Usg6300 Firmware Versionv500r005c00spc100
   HuaweiSecospace Usg6300 Version-
HuaweiSecospace Usg6300 Firmware Versionv500r005c00spc200
   HuaweiSecospace Usg6300 Version-
HuaweiSecospace Usg6500 Firmware Versionv500r005c00spc100
   HuaweiSecospace Usg6500 Version-
HuaweiSecospace Usg6500 Firmware Versionv500r005c10spc200
   HuaweiSecospace Usg6500 Version-
HuaweiSecospace Usg6600 Firmware Versionv500r005c00spc100
   HuaweiSecospace Usg6600 Version-
HuaweiSecospace Usg6600 Firmware Versionv500r005c00spc200
   HuaweiSecospace Usg6600 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.435
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210506-01-memleak-en
Vendor Advisory