CVE-2021-22356

Summary

CVE	CVE-2021-22356
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-23 16:15:00 UTC
Updated	2021-11-29 16:48:00 UTC
Description	There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.

Risk And Classification

Problem Types: CWE-327

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Huawei	Ips Module	-	All	All	All
Operating System	Huawei	Ips Module Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Ips Module Firmware	v500r005c00spc200	All	All	All
Hardware	Huawei	Ngfw Module	-	All	All	All
Operating System	Huawei	Ngfw Module Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Ngfw Module Firmware	v500r005c00spc200	All	All	All
Hardware	Huawei	Secospace Usg6300	-	All	All	All
Operating System	Huawei	Secospace Usg6300 Firmware	v500r001c30spc200	All	All	All
Operating System	Huawei	Secospace Usg6300 Firmware	v500r001c30spc600	All	All	All
Operating System	Huawei	Secospace Usg6300 Firmware	v500r001c60spc500	All	All	All
Operating System	Huawei	Secospace Usg6300 Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Secospace Usg6300 Firmware	v500r005c00spc200	All	All	All
Hardware	Huawei	Secospace Usg6500	-	All	All	All
Operating System	Huawei	Secospace Usg6500 Firmware	v500r001c30spc200	All	All	All
Operating System	Huawei	Secospace Usg6500 Firmware	v500r001c30spc600	All	All	All
Operating System	Huawei	Secospace Usg6500 Firmware	v500r001c60spc500	All	All	All
Operating System	Huawei	Secospace Usg6500 Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Secospace Usg6500 Firmware	v500r005c00spc200	All	All	All
Hardware	Huawei	Secospace Usg6600	-	All	All	All
Operating System	Huawei	Secospace Usg6600 Firmware	v500r001c30spc200	All	All	All
Operating System	Huawei	Secospace Usg6600 Firmware	v500r001c30spc600	All	All	All
Operating System	Huawei	Secospace Usg6600 Firmware	v500r001c60spc500	All	All	All
Operating System	Huawei	Secospace Usg6600 Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Secospace Usg6600 Firmware	v500r005c00spc200	All	All	All
Hardware	Huawei	Usg9500	-	All	All	All
Operating System	Huawei	Usg9500 Firmware	v500r001c30spc200	All	All	All
Operating System	Huawei	Usg9500 Firmware	v500r001c30spc600	All	All	All
Operating System	Huawei	Usg9500 Firmware	v500r001c60spc500	All	All	All
Operating System	Huawei	Usg9500 Firmware	v500r005c00spc100	All	All	All
Operating System	Huawei	Usg9500 Firmware	v500r005c00spc200	All	All	All

References

Reference	Source	Link	Tags
Security Advisory - Weak Secure Algorithm Vulnerability in Huawei Product	MISC	www.huawei.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.