CVE-2021-22309
First published: Mon Mar 22 2021(Updated: )
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Usg9500 Firmware | =v500r001c30spc200 | |
| Huawei Usg9500 Firmware | =v500r001c60spc500 | |
| Huawei Usg9500 Firmware | =v500r005c00spc200 | |
| Huawei USG9500 | ||
| Huawei Usg9520 Firmware | =v500r005c00 | |
| Huawei USG9520 | ||
| Huawei Usg9560 Firmware | =v500r005c00 | |
| Huawei USG9560 | ||
| Huawei Usg9580 Firmware | =v500r005c00 | |
| Huawei Usg9580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22309?
CVE-2021-22309 is an insecure algorithm vulnerability found in Huawei products.
How does the CVE-2021-22309 vulnerability work?
The CVE-2021-22309 vulnerability occurs when a module in Huawei products uses less random input in a secure mechanism, allowing attackers to exploit it through brute forcing to obtain sensitive information.
What is the severity of CVE-2021-22309?
The severity of CVE-2021-22309 is high, with a severity value of 7.5.
Which Huawei products are affected by CVE-2021-22309?
The affected product versions include Huawei USG9500 firmware versions V500R001C30SPC200, V500R001C60SPC500, and V500R005C00SPC200, as well as Huawei USG9520 firmware version V500R005C00 and Huawei USG9560 firmware version V500R005C00.
How can attackers exploit the CVE-2021-22309 vulnerability?
Attackers can exploit the CVE-2021-22309 vulnerability by brute forcing to obtain sensitive information, leading to potential information leaks.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei usg9500 firmware
- version/huawei usg9500 firmware/v500r001c30spc200
- version/huawei usg9500 firmware/v500r001c60spc500
- version/huawei usg9500 firmware/v500r005c00spc200
- canonical/huawei usg9500
- canonical/huawei usg9520 firmware
- version/huawei usg9520 firmware/v500r005c00
- canonical/huawei usg9520
- canonical/huawei usg9560 firmware
- version/huawei usg9560 firmware/v500r005c00
- canonical/huawei usg9560
- canonical/huawei usg9580 firmware
- version/huawei usg9580 firmware/v500r005c00
- canonical/huawei usg9580