CVE-2021-37129

There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20.

Published: Oct 27, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-37129
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
huawei / ips_module_firmware	500r005c00	500r005c00.x
huawei / ips_module_firmware	500r005c20	500r005c20.x
huawei / ngfw_module_firmware	500r005c00	500r005c00.x
huawei / nip6600_firmware	500r005c00	500r005c00.x
huawei / nip6600_firmware	500r005c20	500r005c20.x
huawei / s12700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s12700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s12700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s12700_firmware	200r013c00spc500	200r013c00spc500.x
huawei / s12700_firmware	200r019c00spc200	200r019c00spc200.x
huawei / s12700_firmware	200r019c00spc500	200r019c00spc500.x
huawei / s12700_firmware	200r019c10spc200	200r019c10spc200.x
huawei / s12700_firmware	200r020c00	200r020c00.x
huawei / s12700_firmware	200r020c10	200r020c10.x
huawei / s1700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s1700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s1700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s2700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s2700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s2700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s5700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s5700_firmware	200r010c00spc700	200r010c00spc700.x
huawei / s5700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s5700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s5700_firmware	200r019c00spc500	200r019c00spc500.x
huawei / s6700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s6700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s6700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s7700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s7700_firmware	200r010c00spc700	200r010c00spc700.x
huawei / s7700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s7700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / s9700_firmware	200r010c00spc600	200r010c00spc600.x
huawei / s9700_firmware	200r011c10spc500	200r011c10spc500.x
huawei / s9700_firmware	200r011c10spc600	200r011c10spc600.x
huawei / usg9500_firmware	500r005c00	500r005c00.x
huawei / usg9500_firmware	500r005c20	500r005c20.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-outofwrite-en

Vulnerability Database

289,689

CVE-2021-37129