CVE-2021-22312
MEDIUMHuawei IPS Module, NGFW Module, Secospace USG6300, USG6500, USG6600, and USG9500 - Memory Leak
Title source: llmDescription
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-01-memoryleak-en
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (42)
huawei/ips6000e_firmware
v600r006c00
huawei/ips_module_firmware
v500r005c00spc100
huawei/ips_module_firmware
v500r005c00spc200
huawei/ngfw_module_firmware
v500r005c00spc100
huawei/ngfw_module_firmware
v500r005c00spc200
huawei/nip6000e_firmware
v600r006c00
huawei/nip6300_firmware
v500r001c30spc200
huawei/nip6300_firmware
v500r001c30spc600
huawei/nip6300_firmware
v500r001c60spc500
huawei/nip6300_firmware
v500r005c00spc100
... and 32 more
Published
Apr 08, 2021
Tracked Since
Feb 18, 2026