CVE-2021-22342

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

Published: Jun 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22342
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
huawei / ips_module_firmware	500r005c00	500r005c00.x
huawei / ips_module_firmware	500r005c10	500r005c10.x
huawei / ips_module_firmware	500r005c20	500r005c20.x
huawei / ngfw_module_firmware	500r005c00	500r005c00.x
huawei / ngfw_module_firmware	500r005c10	500r005c10.x
huawei / ngfw_module_firmware	500r005c20	500r005c20.x
huawei / semg9811_firmware	500r005c00	500r005c00.x
huawei / usg9500_firmware	500r001c00	500r001c00.x
huawei / usg9500_firmware	500r001c20	500r001c20.x
huawei / usg9500_firmware	500r001c30	500r001c30.x
huawei / usg9500_firmware	500r001c50	500r001c50.x
huawei / usg9500_firmware	500r001c60	500r001c60.x
huawei / usg9500_firmware	500r001c80	500r001c80.x
huawei / usg9500_firmware	500r005c00	500r005c00.x
huawei / usg9500_firmware	500r005c10	500r005c10.x
huawei / usg9500_firmware	500r005c20	500r005c20.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-infomationleak-en

Vulnerability Database

289,697

CVE-2021-22342