CVE-2021-22332

Q: What is the severity of CVE-2021-22332?

CVE-2021-22332 has a CVSS score of 7.5 (HIGH). A double free vulnerability in Huawei CloudEngine switches allows attackers to cause memory corruption by freeing the same pointer twice. This can lead to denial of service through module crashes, potentially disrupting network services. Affected organizations are those using vulnerable versions of CloudEngine 5800, 6800, 7800, and 12800 series switches.

7.5 HIGH

Denial of Service

📋 TL;DR

A double free vulnerability in Huawei CloudEngine switches allows attackers to cause memory corruption by freeing the same pointer twice. This can lead to denial of service through module crashes, potentially disrupting network services. Affected organizations are those using vulnerable versions of CloudEngine 5800, 6800, 7800, and 12800 series switches.

💻 Affected Systems

Products:

CloudEngine 5800
CloudEngine 6800
CloudEngine 7800
CloudEngine 12800

Versions: Specific vulnerable versions not publicly detailed in advisory; check Huawei advisory for exact affected versions

Operating Systems: Huawei VRP (Versatile Routing Platform)

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations using affected software versions are vulnerable; no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption through switch module crashes, potentially affecting entire network segments and causing extended downtime.

🟠

Likely Case

Service interruption through targeted module crashes, requiring device reboots and causing temporary network outages.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, allowing quick detection and recovery from crashes.

🌐 Internet-Facing: MEDIUM - While switches are typically internal, misconfigurations or exposed management interfaces could allow exploitation from external networks.

🏢 Internal Only: HIGH - These are core network devices where exploitation could disrupt critical internal services and connectivity.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sending malicious operations to the switch, likely requiring some level of network access or authentication. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei advisory for specific fixed versions

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en

Restart Required: Yes

Instructions:

1. Check Huawei advisory for exact affected versions. 2. Download appropriate firmware update from Huawei support. 3. Backup configuration. 4. Apply firmware update following Huawei documentation. 5. Reboot switch. 6. Verify update and restore functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate switch management interfaces from untrusted networks and limit access to authorized administrators only.

Access Control Lists

all

Implement strict ACLs to limit which IP addresses can communicate with switch management interfaces.

# Example ACL to restrict management access
acl number 3000
 rule 5 permit ip source 10.0.0.0 0.255.255.255
 rule 10 deny ip

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable switches from potential attackers
Enable enhanced logging and monitoring for abnormal switch behavior or crash events

🔍 How to Verify

Check if Vulnerable:

Check switch firmware version against Huawei advisory: display version

Check Version:

display version

Verify Fix Applied:

Verify firmware version is updated to patched version: display version

📡 Detection & Monitoring

Log Indicators:

Module crash logs
Unexpected process termination
Memory allocation errors
System reboot events

Network Indicators:

Unusual traffic patterns to switch management interfaces
Service disruption alerts

SIEM Query:

source="switch_logs" AND ("crash" OR "panic" OR "memory error" OR "double free")

📊 Metadata

CVE ID: CVE-2021-22332

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-415

Published: April 28, 2021

Last Updated: November 21, 2024

🔗 References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cloudengine 12800 Firmware by Huawei

Cloudengine 12800 Firmware by Huawei

Cloudengine 12800 Firmware by Huawei

Cloudengine 12800 Firmware by Huawei

Cloudengine 5800 Firmware by Huawei

Cloudengine 5800 Firmware by Huawei

Cloudengine 5800 Firmware by Huawei

Cloudengine 5800 Firmware by Huawei

Cloudengine 6800 Firmware by Huawei

Cloudengine 6800 Firmware by Huawei

Cloudengine 6800 Firmware by Huawei

Cloudengine 6800 Firmware by Huawei

Cloudengine 7800 Firmware by Huawei

Cloudengine 7800 Firmware by Huawei

Cloudengine 7800 Firmware by Huawei

Cloudengine 7800 Firmware by Huawei

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Lists

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities