ID

VAR-202106-0588


CVE

CVE-2021-22363


TITLE

Huawei eCNS280_TD resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-04712 // CNNVD: CNNVD-202106-770

DESCRIPTION

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormality on affected devices. eCNS280_TD is vulnerable to allocation of resources without limits or throttling and may be put into a denial-of-service (DoS) state. Huawei eCNS280_TD is the core network device of Huawei's wireless broadband trunking system. Based on Network Functions Virtualization (NFV) and a cloud-based architecture design, in addition to providing the network functions of traditional core networks, it also virtualizes network element functions and shares standardized hardware resources among multiple network elements. It provides capacity configuration that can be based on actual applications, improves the efficiency of network expansion and capacity reduction, and improves the efficiency of bringing services online. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.7

sources: NVD: CVE-2021-22363 // JVNDB: JVNDB-2021-008570 // CNVD: CNVD-2022-04712 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-04712

AFFECTED PRODUCTS

vendor: huawei, model: ecns280 td, scope: eq, version: v100r005c10spc650

Trust: 1.0

vendor: huawei, model: ecns280 td, scope: eq, version: -

Trust: 0.8

vendor: huawei, model: ecns280 td, scope: eq, version: ecns280_td firmware v100r005c10spc650

Trust: 0.8

vendor: huawei, model: ecns280 td, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-04712 // JVNDB: JVNDB-2021-008570 // NVD: CVE-2021-22363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22363
value: HIGH

Trust: 1.0

NVD: CVE-2021-22363
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-04712
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-770
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-22363
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-04712
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22363
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22363
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-04712 // JVNDB: JVNDB-2021-008570 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-770 // NVD: CVE-2021-22363

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype: Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008570 // NVD: CVE-2021-22363

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-770

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: huawei-sa-20210609-01-resource, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en

Trust: 0.8

title: Patch for Huawei eCNS280_TD resource management error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/314256

Trust: 0.6

title: Huawei eCNS280_TD Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155524

Trust: 0.6

sources: CNVD: CNVD-2022-04712 // JVNDB: JVNDB-2021-008570 // CNNVD: CNNVD-202106-770

EXTERNAL IDS

db: NVD, id: CVE-2021-22363

Trust: 3.8

db: JVNDB, id: JVNDB-2021-008570

Trust: 0.8

db: CNVD, id: CNVD-2022-04712

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021061101

Trust: 0.6

db: CNNVD, id: CNNVD-202106-770

Trust: 0.6

sources: CNVD: CNVD-2022-04712 // JVNDB: JVNDB-2021-008570 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-770 // NVD: CVE-2021-22363

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210609-01-resource-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22363

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061101

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210609-01-resource-cn

Trust: 0.6

sources: CNVD: CNVD-2022-04712 // JVNDB: JVNDB-2021-008570 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-770 // NVD: CVE-2021-22363

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202106-770

SOURCES

db: CNVD, id: CNVD-2022-04712
db: JVNDB, id: JVNDB-2021-008570
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-770
db: NVD, id: CVE-2021-22363

LAST UPDATE DATE

2024-08-14T13:07:44.722000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-04712, date: 2022-01-18T00:00:00
db: JVNDB, id: JVNDB-2021-008570, date: 2022-03-18T09:13:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-770, date: 2021-06-30T00:00:00
db: NVD, id: CVE-2021-22363, date: 2021-06-29T17:25:03.547

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-04712, date: 2022-01-18T00:00:00
db: JVNDB, id: JVNDB-2021-008570, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-770, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-22363, date: 2021-06-22T19:15:07.920