Vulnerability-Lookup

CVE-2021-22292 (GCVE-0-2021-22292)

Vulnerability from cvelistv5 – Published: 2021-02-06 02:09 – Updated: 2024-08-03 18:37

Summary

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	eCNS280	Affected: V100R005C00 Affected: V100R005C10

GSD-2021-22292

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22292

Aliases

CVE-2021-22292

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22292",
    "description": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.",
    "id": "GSD-2021-22292"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22292"
      ],
      "details": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.",
      "id": "GSD-2021-22292",
      "modified": "2023-12-13T01:23:24.967870Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-22292",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eCNS280",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V100R005C00"
                        },
                        {
                          "version_value": "V100R005C10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en",
            "refsource": "CONFIRM",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ecns280:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-22292"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-02-10T19:11Z",
      "publishedDate": "2021-02-06T03:15Z"
    }
  }
}

CNVD-2021-20280

Vulnerability from cnvd - Published: 2021-03-21

Title

Huawei eCNS280资源管理错误漏洞

Description

Huawei eCNS280是中国华为（Huawei）公司的无线宽带集群系统的核心网设备。提供传统核心网的网络功能外，还通过将网元功能虚拟化、在多网元间共享标准化硬件资源，来给各网元提供可根据实际应用的容量配置，提高网络扩容减容效率，提升业务上线效率 Huawei eCNS280 versions V100R005C00, V100R005C10存在安全漏洞，该漏洞源于设计缺陷，远程未经授权的攻击者可利用该漏洞向受影响的设备发送大量特定消息。

Severity

高

Patch Name

Huawei eCNS280资源管理错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22292

Impacted products

Name
['Huawei eCNS280 V100R005C00', 'Huawei eCNS280 V100R005C10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22292",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22292"
    }
  },
  "description": "Huawei eCNS280\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\n\nHuawei eCNS280 versions V100R005C00, V100R005C10\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u8ba1\u7f3a\u9677\uff0c\u8fdc\u7a0b\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u53d1\u9001\u5927\u91cf\u7279\u5b9a\u6d88\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-20280",
  "openTime": "2021-03-21",
  "patchDescription": "Huawei eCNS280\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\r\n\r\nHuawei eCNS280 versions V100R005C00, V100R005C10\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u8ba1\u7f3a\u9677\uff0c\u8fdc\u7a0b\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u53d1\u9001\u5927\u91cf\u7279\u5b9a\u6d88\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei eCNS280\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei eCNS280 V100R005C00",
      "Huawei eCNS280 V100R005C10"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22292",
  "serverity": "\u9ad8",
  "submitTime": "2021-01-29",
  "title": "Huawei eCNS280\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

VAR-202102-0636

Vulnerability from variot - Updated: 2024-11-23 22:37

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. The vulnerability is due to a design flaw

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0636",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ecns280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r005c10"
      },
      {
        "model": "ecns280",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r005c00"
      },
      {
        "model": "ecns280",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ecns280  firmware  v100r005c00"
      },
      {
        "model": "ecns280",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ecns280  firmware  v100r005c10"
      },
      {
        "model": "ecns280",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns280 v100r005c00",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns280 v100r005c10",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "cve": "CVE-2021-22292",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-22292",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-20280",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22292",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-22292",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22292",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22292",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-20280",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-560",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Huawei eCNS280 is the core network equipment of China\u0027s Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. The vulnerability is due to a design flaw",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22292"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22292",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22292",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "id": "VAR-202102-0636",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      }
    ],
    "trust": 1.4181818000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:37:05.014000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20210113-02-dos",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
      },
      {
        "title": "Patch for Huawei eCNS280 resource management error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/254136"
      },
      {
        "title": "Huawei eCNS280 Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141728"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22292"
      },
      {
        "trust": 1.7,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "date": "2021-02-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22292"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "date": "2021-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "date": "2021-02-06T03:15:12.720000",
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "date": "2021-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22292"
      },
      {
        "date": "2021-10-25T08:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003369"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      },
      {
        "date": "2024-11-21T05:49:51.380000",
        "db": "NVD",
        "id": "CVE-2021-22292"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eCNS280 resource management error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-560"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-22292

Vulnerability from fkie_nvd - Published: 2021-02-06 03:15 - Updated: 2024-11-21 05:49

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	ecns280_firmware	v100r005c00
huawei	ecns280_firmware	v100r005c10
huawei	ecns280	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "576F98F8-B0AB-4D3F-B1EC-65FD12C91A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ecns280_firmware:v100r005c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "375D7506-5F13-4CAA-800F-6C73ADEBF2E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ecns280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F2A8E0-6BF8-4F16-9E44-B05B8FE72FDC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en eCNS280 versiones V100R005C00, V100R005C10.\u0026#xa0;Debido a un defecto de dise\u00f1o, atacantes remotos no autorizados env\u00edan una gran cantidad de mensajes espec\u00edficos a unos dispositivos afectados, causando un agotamiento de los recursos del sistema y una denegaci\u00f3n de servicio de la aplicaci\u00f3n web"
    }
  ],
  "id": "CVE-2021-22292",
  "lastModified": "2024-11-21T05:49:51.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-06T03:15:12.720",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XPXM-9VVW-PJC3

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-07-13 00:01

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-06T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.",
  "id": "GHSA-xpxm-9vvw-pjc3",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T17:41:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22292"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22292 (GCVE-0-2021-22292)

GSD-2021-22292

CNVD-2021-20280

VAR-202102-0636

FKIE_CVE-2021-22292

GHSA-XPXM-9VVW-PJC3

Tags

Sightings

Nomenclature