CVE-2021-37122 Information

Description

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800V200R005C20SPC800V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800V200R019C00SPC800.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5