Sign-up

ID

VAR-202104-2041


TITLE

Multiple Huawei CloudEngine products repeatedly release pointer vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-25946

DESCRIPTION

Huawei CloudEngine 12800, etc. are all products of China's Huawei (Huawei) company. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch. Huawei Cloudengine 6800 is a 6800 series data center switch. Many Huawei CloudEngine products have repeated pointer release vulnerabilities. Attackers can cause pointers to be repeatedly released by performing malicious operations, causing the affected modules to crash and affecting normal functions.

Trust: 0.6

sources: CNVD: CNVD-2021-25946

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-25946

AFFECTED PRODUCTS

vendor:huaweimodel:cloudengine v200r002c50spc800scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r003c00spc810scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c00spc800scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10spc800scope:eqversion:12800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c50spc800scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r003c00spc810scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c00spc800scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10spc800scope:eqversion:5800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c50spc800scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r003c00spc810scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c00spc800scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10spc800scope:eqversion:6800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r002c50spc800scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r003c00spc810scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c00spc800scope:eqversion:7800

Trust: 0.6

vendor:huaweimodel:cloudengine v200r005c10spc800scope:eqversion:7800

Trust: 0.6

sources: CNVD: CNVD-2021-25946

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-25946
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-25946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-25946

PATCH

title:Patch for Multiple Huawei CloudEngine products repeatedly release pointer vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/256531

Trust: 0.6

sources: CNVD: CNVD-2021-25946

EXTERNAL IDS

db:CNVDid:CNVD-2021-25946

Trust: 0.6

sources: CNVD: CNVD-2021-25946

REFERENCES

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210407-01-doublefree-cn

Trust: 0.6

sources: CNVD: CNVD-2021-25946

SOURCES

db:CNVDid:CNVD-2021-25946

LAST UPDATE DATE

2022-05-04T09:49:54.539000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-25946date:2021-04-08T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-25946date:2021-04-08T00:00:00