mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
126 lines
4.1 KiB
JSON
126 lines
4.1 KiB
JSON
{
|
|
"id": "CVE-2021-22365",
|
|
"sourceIdentifier": "psirt@huawei.com",
|
|
"published": "2021-06-22T18:15:08.003",
|
|
"lastModified": "2021-06-29T15:35:28.217",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites en eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. Un atacante local puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al dispositivo de destino. Debido a la insuficiente comprobaci\u00f3n del mensaje interno, una explotaci\u00f3n con \u00e9xito puede causar el proceso y el servicio anormal"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 3.3,
|
|
"baseSeverity": "LOW"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 2.1
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-125"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c10spc200:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3D09A362-885C-4CAD-931B-ECFBB857F849"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v100r001c20spc200:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BB48C0D8-E413-411E-9565-9AABA0A70CD1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:huawei:ese620x_vess_firmware:v200r001c00spc300:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60AA30F0-E1A9-4D25-AE84-6CF952FD8E97"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:huawei:ese620x_vess:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9AC039E0-A953-4C79-B751-5B9738371DF0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210526-02-outbounds-en",
|
|
"source": "psirt@huawei.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |