CVE-2021-22328

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in specific Huawei CloudEngine switches allows attackers to craft malicious packets that cause service disruption. Affected systems include CloudEngine 12800, 5800, 6800, and 7800 series switches running V200R005C00SPC800 firmware. Successful exploitation can lead to abnormal service behavior and potential downtime.

💻 Affected Systems

Products:
  • CloudEngine 12800
  • CloudEngine 5800
  • CloudEngine 6800
  • CloudEngine 7800
Versions: V200R005C00SPC800
Operating Systems: Huawei VRP (Versatile Routing Platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific firmware version V200R005C00SPC800 across multiple switch models. Other versions are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption affecting network connectivity and dependent services, potentially causing extended downtime until systems are restored.

🟠 Likely Case

Partial service degradation affecting specific switch functions, leading to intermittent connectivity issues and performance problems.

🟢 If Mitigated

Minimal impact with proper network segmentation, rate limiting, and monitoring in place to detect and block malicious packets.

🌐 Internet-Facing: MEDIUM - While switches are typically internal, misconfigured or exposed management interfaces could be targeted from external networks.
🏢 Internal Only: HIGH - These are core network switches where exploitation could disrupt internal network operations and connectivity.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific packets but does not require authentication. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond V200R005C00SPC800

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en

Restart Required: Yes

Instructions:

1. Download updated firmware from the Huawei support portal.
2. Back up the current configuration.
3. Upload and install the new firmware.
4. Reboot the switch.
5. Verify the firmware version and functionality.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate affected switches from untrusted networks and implement strict access controls.

Rate Limiting (platform: Huawei VRP)

Implement packet rate limiting on switch interfaces to mitigate DoS attempts.

qos car inbound any cir 1000 cbs 150000

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable switches
  • Deploy intrusion prevention systems to detect and block malicious packets

🔍 How to Verify

Check if Vulnerable:

Check the firmware version with the 'display version' command and verify whether it matches V200R005C00SPC800.

Check Version:

display version | include V200R005C00SPC800

Verify Fix Applied:

After patching, run 'display version' to confirm that the firmware version has been updated beyond V200R005C00SPC800.

📡 Detection & Monitoring

Log Indicators:

  • Unusual packet drops
  • Service restart logs
  • High CPU/memory utilization alerts

Network Indicators:

  • Abnormal packet patterns targeting switch management interfaces
  • Sudden increase in malformed packets

SIEM Query:

source="huawei-switch" AND ("service abnormal" OR "packet drop" OR "CPU high")
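The SIEM query above matches single events; on a switch under packet-flooding pressure the indicators tend to arrive in bursts, so a per-device burst threshold is a useful second stage. The script below is an added example (not part of the original advisory page) that applies the same match logic as the query to constructed sample log lines and raises an alert when one switch produces three or more matching events within five minutes. The line format (ISO timestamp, hostname, source tag, message) and the sample lines themselves are assumptions for this example, not real device output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Indicator phrases taken from the page's SIEM query; matched case-insensitively.
INDICATORS = ("service abnormal", "packet drop", "cpu high")

# Constructed sample syslog lines (assumed format, not real CloudEngine output):
# "<ISO timestamp> <hostname> <source tag> <message>"
SAMPLE_LOGS = """\
2021-04-07T10:00:01 ce6800-core1 huawei-switch Interface 10GE1/0/1: packet drop counter increased
2021-04-07T10:00:05 ce6800-core1 huawei-switch CPU high: utilization 96% for 30s
2021-04-07T10:00:09 ce6800-core1 huawei-switch Service abnormal: sshd restarted
2021-04-07T10:03:00 ce5800-access7 huawei-switch Link up on 10GE1/0/12
2021-04-07T10:20:00 ce5800-access7 huawei-switch packet drop counter increased
2021-04-07T11:10:00 fw-edge1 firewall CPU high on session table
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_line(line):
    """Split one log line into fields; return None for lines that do not fit the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, source, msg = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "source": source, "msg": msg}


def matches_query(event):
    """Same predicate as the page's SIEM query: source is huawei-switch AND any indicator phrase appears."""
    if event["source"] != "huawei-switch":
        return False
    msg = event["msg"].lower()
    return any(phrase in msg for phrase in INDICATORS)


def matched_events(lines):
    """Events that the single-event query would return."""
    events = (parse_line(line) for line in lines)
    return [ev for ev in events if ev is not None and matches_query(ev)]


def find_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Second stage: alert once per host when >= threshold matching events fall inside a sliding window.

    Returns a list of (host, first_ts, last_ts, count) tuples.
    """
    recent = defaultdict(deque)   # host -> timestamps of recent matching events
    alerted = set()               # hosts already alerted, to avoid repeating the same burst
    alerts = []
    for ev in matched_events(lines):
        q = recent[ev["host"]]
        q.append(ev["ts"])
        # Drop timestamps that have fallen out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["host"] not in alerted:
            alerted.add(ev["host"])
            alerts.append((ev["host"], q[0], ev["ts"], len(q)))
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print(f"{len(matched_events(lines))} events match the query")
    for host, first, last, count in find_alerts(lines):
        print(f"ALERT {host}: {count} indicators between {first.time()} and {last.time()}")
```

With the sample input, four events match the query but only ce6800-core1 crosses the burst threshold; the single packet-drop message from ce5800-access7 and the firewall line (wrong source tag) do not raise an alert. The threshold and window are the knobs to tune against the normal log volume of the switches in question.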
