CVE-2021-22356

MEDIUM

Huawei IPS/NGFW/USG Modules - Information Disclosure via Weak Cryptographic Algorithm

Title source: llm

Description

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210512-01-infomationleak-en

Scores

CVSS v3 5.9

EPSS 0.0007

EPSS Percentile 21.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327

Status published

Products (24)

huawei/ips_module_firmware v500r005c00spc100

huawei/ips_module_firmware v500r005c00spc200

huawei/ngfw_module_firmware v500r005c00spc100

huawei/ngfw_module_firmware v500r005c00spc200

huawei/secospace_usg6300_firmware v500r001c30spc200

huawei/secospace_usg6300_firmware v500r001c30spc600

huawei/secospace_usg6300_firmware v500r001c60spc500

huawei/secospace_usg6300_firmware v500r005c00spc100

huawei/secospace_usg6300_firmware v500r005c00spc200

huawei/secospace_usg6500_firmware v500r001c30spc200

... and 14 more

Published Nov 23, 2021

Tracked Since Feb 18, 2026