ID

VAR-202102-0636


CVE

CVE-2021-22292


TITLE

Huawei eCNS280 resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-20280 // CNNVD: CNNVD-202102-560

DESCRIPTION

There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00 and V100R005C10. Due to a design defect, remote unauthorized attackers can send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Huawei eCNS280 is the core network equipment of China's Huawei wireless broadband trunking system. In addition to providing the network functions of a traditional core network, it virtualizes network element functions and shares standardized hardware resources among multiple network elements, so that capacity can be configured for each network element according to the actual application, which improves the efficiency of network expansion and reduction. The vulnerability is due to a design flaw

Trust: 2.25

sources: NVD: CVE-2021-22292 // JVNDB: JVNDB-2021-003369 // CNVD: CNVD-2021-20280 // VULMON: CVE-2021-22292

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20280

AFFECTED PRODUCTS

vendor: huawei, model: ecns280, scope: eq, version: v100r005c10

Trust: 1.0

vendor: huawei, model: ecns280, scope: eq, version: v100r005c00

Trust: 1.0

vendor: huawei, model: ecns280, scope: eq, version: ecns280 firmware v100r005c00

Trust: 0.8

vendor: huawei, model: ecns280, scope: eq, version: ecns280 firmware v100r005c10

Trust: 0.8

vendor: huawei, model: ecns280, scope: eq, version: -

Trust: 0.8

vendor: huawei, model: ecns280 v100r005c00, scope: -, version: -

Trust: 0.6

vendor: huawei, model: ecns280 v100r005c10, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-20280 // JVNDB: JVNDB-2021-003369 // NVD: CVE-2021-22292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22292
value: HIGH

Trust: 1.0

NVD: CVE-2021-22292
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-20280
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202102-560
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-22292
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-20280
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22292
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22292
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20280 // JVNDB: JVNDB-2021-003369 // CNNVD: CNNVD-202102-560 // NVD: CVE-2021-22292

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003369 // NVD: CVE-2021-22292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-560

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-560

PATCH

title: huawei-sa-20210113-02-dos, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en

Trust: 0.8

title: Patch for Huawei eCNS280 resource management error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/254136

Trust: 0.6

title: Huawei eCNS280 Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141728

Trust: 0.6

sources: CNVD: CNVD-2021-20280 // JVNDB: JVNDB-2021-003369 // CNNVD: CNNVD-202102-560

EXTERNAL IDS

db: NVD, id: CVE-2021-22292

Trust: 3.1

db: JVNDB, id: JVNDB-2021-003369

Trust: 0.8

db: CNVD, id: CNVD-2021-20280

Trust: 0.6

db: CNNVD, id: CNNVD-202102-560

Trust: 0.6

db: VULMON, id: CVE-2021-22292

Trust: 0.1

sources: CNVD: CNVD-2021-20280 // VULMON: CVE-2021-22292 // JVNDB: JVNDB-2021-003369 // CNNVD: CNNVD-202102-560 // NVD: CVE-2021-22292

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2021-22292

Trust: 2.0

url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-02-dos-en

Trust: 1.7

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-20280 // VULMON: CVE-2021-22292 // JVNDB: JVNDB-2021-003369 // CNNVD: CNNVD-202102-560 // NVD: CVE-2021-22292

SOURCES

db: CNVD, id: CNVD-2021-20280
db: VULMON, id: CVE-2021-22292
db: JVNDB, id: JVNDB-2021-003369
db: CNNVD, id: CNNVD-202102-560
db: NVD, id: CVE-2021-22292

LAST UPDATE DATE

2024-11-23T22:37:05.014000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-20280, date: 2021-03-23T00:00:00
db: VULMON, id: CVE-2021-22292, date: 2021-02-10T00:00:00
db: JVNDB, id: JVNDB-2021-003369, date: 2021-10-25T08:30:00
db: CNNVD, id: CNNVD-202102-560, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-22292, date: 2024-11-21T05:49:51.380

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-20280, date: 2021-03-21T00:00:00
db: VULMON, id: CVE-2021-22292, date: 2021-02-06T00:00:00
db: JVNDB, id: JVNDB-2021-003369, date: 2021-10-25T00:00:00
db: CNNVD, id: CNNVD-202102-560, date: 2021-02-05T00:00:00
db: NVD, id: CVE-2021-22292, date: 2021-02-06T03:15:12.720