Vulnerability-Lookup

CVE-2021-22363 (GCVE-0-2021-22363)

Vulnerability from cvelistv5 – Published: 2021-06-22 18:49 – Updated: 2024-08-03 18:44

Summary

Severity ?

No CVSS data available.

CWE

Resource Management Error

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	eCNS280_TD	Affected: V100R005C10SPC650

GHSA-F4H5-FX46-QJXF

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-22T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.",
  "id": "GHSA-f4h5-fx46-qjxf",
  "modified": "2022-05-24T19:05:50Z",
  "published": "2022-05-24T19:05:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22363"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202106-0588

Vulnerability from variot - Updated: 2024-08-14 13:07

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. eCNS280_TD Is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. Huawei eCNS280_TD is the core network device of Huawei's wireless broadband trunking system. Based on Network Functions Virtualization (NFV) and cloud-based architecture design, in addition to providing network functions of traditional core networks, it also virtualizes network element functions and shares standardized hardware resources among multiple network elements. Element provides capacity configuration that can be based on actual applications, improves the efficiency of network expansion and capacity reduction, and improves the efficiency of service online. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0588",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r005c10spc650"
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ecns280_td  firmware  v100r005c10spc650"
      },
      {
        "model": "ecns280 td",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vulnerability was discovered by Huawei\u0027s internal testing",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-22363",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-22363",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-04712",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-22363",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-22363",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22363",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22363",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-04712",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-770",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. eCNS280_TD Is vulnerable to resource allocation without restrictions or throttling.Denial of service  (DoS) It may be put into a state. Huawei eCNS280_TD is the core network device of Huawei\u0027s wireless broadband trunking system. Based on Network Functions Virtualization (NFV) and cloud-based architecture design, in addition to providing network functions of traditional core networks, it also virtualizes network element functions and shares standardized hardware resources among multiple network elements. Element provides capacity configuration that can be based on actual applications, improves the efficiency of network expansion and capacity reduction, and improves the efficiency of service online. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22363",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021061101",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "id": "VAR-202106-0588",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      }
    ],
    "trust": 1.2363636
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:07:44.722000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20210609-01-resource",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
      },
      {
        "title": "Patch for Huawei eCNS280_TD resource management error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/314256"
      },
      {
        "title": "Huawei eCNS280_TD Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155524"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021061101"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210609-01-resource-cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "date": "2022-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "date": "2021-06-22T19:15:07.920000",
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "date": "2022-03-18T09:13:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-008570"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      },
      {
        "date": "2021-06-29T17:25:03.547000",
        "db": "NVD",
        "id": "CVE-2021-22363"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eCNS280_TD resource management error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-04712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-770"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-22363

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22363

Aliases

CVE-2021-22363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22363",
    "description": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.",
    "id": "GSD-2021-22363"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22363"
      ],
      "details": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.",
      "id": "GSD-2021-22363",
      "modified": "2023-12-13T01:23:24.997745Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-22363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eCNS280_TD",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V100R005C10SPC650"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Resource Management Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en",
            "refsource": "MISC",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10spc650:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-22363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-06-29T17:25Z",
      "publishedDate": "2021-06-22T19:15Z"
    }
  }
}

FKIE_CVE-2021-22363

Vulnerability from fkie_nvd - Published: 2021-06-22 19:15 - Updated: 2024-11-21 05:49

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	ecns280_td_firmware	v100r005c10spc650
	huawei	ecns280_td	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10spc650:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF25AB9-70FA-41EB-8F73-555826C493D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de error de administraci\u00f3n de recursos en eCNS280_TD V100R005C10SPC650. Un atacante necesita llevar a cabo operaciones espec\u00edficas para explotar la vulnerabilidad en el dispositivo afectado. Debido a la administraci\u00f3n inapropiada de los recursos de la funci\u00f3n, la vulnerabilidad puede ser explotada para causar un servicio anormal en los dispositivos afectados"
    }
  ],
  "id": "CVE-2021-22363",
  "lastModified": "2024-11-21T05:49:58.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-22T19:15:07.920",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2022-04712

Vulnerability from cnvd - Published: 2022-01-18

Title

Huawei eCNS280_TD资源管理错误漏洞

Description

Huawei eCNS280_TD是中国华为（Huawei）公司的无线宽带集群系统的核心网设备。基于网络功能虚拟化(Network Functions Virtualization，NFV)和云化架构设计，提供传统核心网的网络功能外，还通过将网元功能虚拟化、在多网元间共享标准化硬件资源，来给各网元提供可根据实际应用的容量配置，提高网络扩容减容效率，提升业务上线效率。 Huawei eCNS280_TD存在资源管理错误漏洞，该漏洞源于某项功能分配的资源管理不恰当，攻击者可利用该漏洞导致受影响设备服务异常。

Severity

中

Patch Name

Huawei eCNS280_TD资源管理错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210609-01-resource-cn

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22363

Impacted products

Name
Huawei Huawei eCNS280_TD

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22363",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22363"
    }
  },
  "description": "Huawei eCNS280_TD\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u57fa\u4e8e\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316(Network Functions Virtualization\uff0cNFV)\u548c\u4e91\u5316\u67b6\u6784\u8bbe\u8ba1\uff0c\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\u3002\n\nHuawei eCNS280_TD\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u9879\u529f\u80fd\u5206\u914d\u7684\u8d44\u6e90\u7ba1\u7406\u4e0d\u6070\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u670d\u52a1\u5f02\u5e38\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210609-01-resource-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-04712",
  "openTime": "2022-01-18",
  "patchDescription": "Huawei eCNS280_TD\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u57fa\u4e8e\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316(Network Functions Virtualization\uff0cNFV)\u548c\u4e91\u5316\u67b6\u6784\u8bbe\u8ba1\uff0c\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\u3002\r\n\r\nHuawei eCNS280_TD\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u67d0\u9879\u529f\u80fd\u5206\u914d\u7684\u8d44\u6e90\u7ba1\u7406\u4e0d\u6070\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u8bbe\u5907\u670d\u52a1\u5f02\u5e38\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei eCNS280_TD\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Huawei eCNS280_TD"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22363",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-18",
  "title": "Huawei eCNS280_TD\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22363 (GCVE-0-2021-22363)

GHSA-F4H5-FX46-QJXF

VAR-202106-0588

GSD-2021-22363

FKIE_CVE-2021-22363

CNVD-2022-04712

Tags

Sightings

Nomenclature