CVE-2021-39995

Опубликовано: 29 нояб. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 6.8

EPSS Низкий

Описание

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211124-03-dos-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*

cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00164

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-mjvc-frcm-6323

github

около 4 лет назад