VAR-202102-0636
Vulnerability from variot - Updated: 2024-11-23 22:37There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. The vulnerability is due to a design flaw
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ecns280",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r005c10"
},
{
"model": "ecns280",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v100r005c00"
},
{
"model": "ecns280",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "ecns280 firmware v100r005c00"
},
{
"model": "ecns280",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "ecns280 firmware v100r005c10"
},
{
"model": "ecns280",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ecns280 v100r005c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ecns280 v100r005c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"cve": "CVE-2021-22292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22292",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-20280",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22292",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22292",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22292",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-20280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-560",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Huawei eCNS280 is the core network equipment of China\u0027s Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. The vulnerability is due to a design flaw",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22292"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "VULMON",
"id": "CVE-2021-22292"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22292",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-20280",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22292",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "VULMON",
"id": "CVE-2021-22292"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"id": "VAR-202102-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
}
],
"trust": 1.4181818000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
}
]
},
"last_update_date": "2024-11-23T22:37:05.014000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20210113-02-dos",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
},
{
"title": "Patch for Huawei eCNS280 resource management error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/254136"
},
{
"title": "Huawei eCNS280 Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141728"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22292"
},
{
"trust": 1.7,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "VULMON",
"id": "CVE-2021-22292"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "VULMON",
"id": "CVE-2021-22292"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"date": "2021-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22292"
},
{
"date": "2021-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"date": "2021-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"date": "2021-02-06T03:15:12.720000",
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22292"
},
{
"date": "2021-10-25T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-003369"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-560"
},
{
"date": "2024-11-21T05:49:51.380000",
"db": "NVD",
"id": "CVE-2021-22292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei eCNS280 resource management error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20280"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-560"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…