3.3

CVE-2021-22365

EPSS 0.02%
Veröffentlicht 22.06.2021 18:15:08
Zuletzt bearbeitet 21.11.2024 05:49:59
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Ese620x Vess Firmware Versionv100r001c10spc200

Huawei ≫ Ese620x Vess Version-

Huawei ≫ Ese620x Vess Firmware Versionv100r001c20spc200

Huawei ≫ Ese620x Vess Version-

Huawei ≫ Ese620x Vess Firmware Versionv200r001c00spc300

Huawei ≫ Ese620x Vess Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-02-outbounds-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22365

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22365

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22365

EUVD