First published: Thu Apr 08 2021(Updated: )
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei IPS firmware | =v500r005c00spc100 | |
Huawei IPS firmware | =v500r005c00spc200 | |
Huawei IPS Module firmware | ||
Huawei NGFW Module firmware | =v500r005c00spc100 | |
Huawei NGFW Module firmware | =v500r005c00spc200 | |
Huawei NGFW Module | ||
Huawei Secospace USG6300 Firmware | =v500r001c30spc200 | |
Huawei Secospace USG6300 Firmware | =v500r001c30spc600 | |
Huawei Secospace USG6300 Firmware | =v500r001c60spc500 | |
Huawei Secospace USG6300 Firmware | =v500r005c00spc100 | |
Huawei Secospace USG6300 Firmware | =v500r005c00spc200 | |
Huawei Secospace USG6300 firmware | ||
Huawei Secospace USG6500 | =v500r001c30spc200 | |
Huawei Secospace USG6500 | =v500r001c30spc600 | |
Huawei Secospace USG6500 | =v500r001c60spc500 | |
Huawei Secospace USG6500 | =v500r005c00spc100 | |
Huawei Secospace USG6500 | =v500r005c00spc200 | |
Huawei Secospace USG6500 firmware | ||
Huawei Secospace USG6600 firmware | =v500r001c30spc200 | |
Huawei Secospace USG6600 firmware | =v500r001c30spc600 | |
Huawei Secospace USG6600 firmware | =v500r001c60spc500 | |
Huawei Secospace USG6600 firmware | =v500r005c00spc100 | |
Huawei Secospace USG6600 firmware | =v500r005c00spc200 | |
Huawei Secospace USG6600 firmware | ||
Huawei Unified Security Gateway Firmware | =v500r001c30spc200 | |
Huawei Unified Security Gateway Firmware | =v500r001c30spc600 | |
Huawei Unified Security Gateway Firmware | =v500r001c60spc500 | |
Huawei Unified Security Gateway Firmware | =v500r005c00spc100 | |
Huawei Unified Security Gateway Firmware | =v500r005c00spc200 | |
Huawei Eudemon USG9500 | ||
Huawei NIP6300 firmware | =v500r001c30spc200 | |
Huawei NIP6300 firmware | =v500r001c30spc600 | |
Huawei NIP6300 firmware | =v500r001c60spc500 | |
Huawei NIP6300 firmware | =v500r005c00spc100 | |
Huawei NIP6300 firmware | =v500r005c00spc200 | |
Huawei NIP6300 firmware | ||
Huawei NIP6600 | =v500r001c30spc200 | |
Huawei NIP6600 | =v500r001c30spc600 | |
Huawei NIP6600 | =v500r001c60spc500 | |
Huawei NIP6600 | =v500r005c00spc100 | |
Huawei NIP6600 | =v500r005c00spc200 | |
Huawei NIP6600 firmware | ||
Huawei NIP6800 Firmware | =v500r001c30spc200 | |
Huawei NIP6800 Firmware | =v500r001c30spc600 | |
Huawei NIP6800 Firmware | =v500r001c60spc500 | |
Huawei NIP6800 Firmware | =v500r005c00spc100 | |
Huawei NIP6800 Firmware | =v500r005c00spc200 | |
Huawei NIP6800 Firmware | ||
Huawei USG6000E | =v600r006c00 | |
Huawei USG6000E Firmware | ||
Huawei nip6000e | =v600r006c00 | |
Huawei NIP6000E | ||
Huawei IPS6000E | =v600r006c00 | |
Huawei IPS6000E Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22312 has a severity rating that indicates it could allow an authenticated remote attacker to exploit the memory leak and potentially disrupt services.
To fix CVE-2021-22312, you should upgrade to the latest firmware versions provided by Huawei that address this vulnerability.
CVE-2021-22312 affects various Huawei products, including certain versions of the IPS module, NGFW module, and USG series firmware.
Exploiting CVE-2021-22312 may result in service abnormalities due to improper memory management.
Yes, an authenticated attacker is required to exploit CVE-2021-22312 by sending specific messages to the affected products.