First published: Tue Nov 23 2021(Updated: )
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Ips Module Firmware | =v500r005c00spc100 | |
Huawei Ips Module Firmware | =v500r005c00spc200 | |
Huawei IPS Module | ||
Huawei Ngfw Module Firmware | =v500r005c00spc100 | |
Huawei Ngfw Module Firmware | =v500r005c00spc200 | |
Huawei NGFW Module | ||
Huawei Secospace Usg6300 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6300 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6300 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6300 Firmware | =v500r005c00spc100 | |
Huawei Secospace Usg6300 Firmware | =v500r005c00spc200 | |
Huawei Secospace USG6300 | ||
Huawei Secospace Usg6500 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6500 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6500 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6500 Firmware | =v500r005c00spc100 | |
Huawei Secospace Usg6500 Firmware | =v500r005c00spc200 | |
Huawei Secospace Usg6500 | ||
Huawei Secospace Usg6600 Firmware | =v500r001c30spc200 | |
Huawei Secospace Usg6600 Firmware | =v500r001c30spc600 | |
Huawei Secospace Usg6600 Firmware | =v500r001c60spc500 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00spc100 | |
Huawei Secospace Usg6600 Firmware | =v500r005c00spc200 | |
Huawei Secospace USG6600 | ||
Huawei Usg9500 Firmware | =v500r001c30spc200 | |
Huawei Usg9500 Firmware | =v500r001c30spc600 | |
Huawei Usg9500 Firmware | =v500r001c60spc500 | |
Huawei Usg9500 Firmware | =v500r005c00spc100 | |
Huawei Usg9500 Firmware | =v500r005c00spc200 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Vulnerability CVE-2021-22356 is a weak secure algorithm vulnerability found in Huawei products.
The severity of vulnerability CVE-2021-22356 is medium with a severity value of 5.9.
Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information.
The affected Huawei products include Ips Module Firmware, Ngfw Module Firmware, and Secospace Usg6300/6500/6600 Firmware.
To fix vulnerability CVE-2021-22356, it is recommended to apply the security patch provided by Huawei.