CVE-2021-22359 – This is a denial-of-service vulnerability affec... (How to Fix)

Q: What is the severity of CVE-2021-22359?

CVE-2021-22359 has a CVSS score of 7.5 (HIGH). This is a denial-of-service vulnerability affecting specific Huawei S5700 and S6700 switch models. An attacker can send specially crafted messages to cause service disruption due to insufficient input validation. Organizations using these specific switch versions are affected.

📋 TL;DR

This is a denial-of-service vulnerability affecting specific Huawei S5700 and S6700 switch models. An attacker can send specially crafted messages to cause service disruption due to insufficient input validation. Organizations using these specific switch versions are affected.

💻 Affected Systems

Products:

Huawei S5700
Huawei S6700

Versions: V200R005C00SPC500

Operating Systems: Huawei VRP (Versatile Routing Platform)

Default Config Vulnerable: ⚠️ Yes

Notes: Only specific firmware versions are affected. Other versions of these products are not vulnerable.

📦 What is this software?

S5700 Firmware by Huawei

View all CVEs affecting S5700 Firmware →

S6700 Firmware by Huawei

View all CVEs affecting S6700 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of affected network switches, causing network downtime and business interruption.

🟠

Likely Case

Service degradation or temporary unavailability of affected switches requiring manual intervention.

🟢

If Mitigated

Minimal impact if switches are patched, properly segmented, and have input validation controls.

🌐 Internet-Facing: HIGH if switches are directly exposed to the internet without proper segmentation.

🏢 Internal Only: MEDIUM as internal attackers or compromised systems could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specific messages to the device, but exact exploit details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to versions beyond V200R005C00SPC500

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-dos-en

Restart Required: Yes

Instructions:

1. Download the latest firmware from Huawei support portal. 2. Backup current configuration. 3. Upload and install the new firmware. 4. Reboot the switch. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to affected switches to trusted management networks only.

Configure ACLs to limit access to switch management interfaces

Input Validation Controls

all

Implement additional input validation at network perimeter devices.

Configure firewall rules to filter suspicious traffic patterns

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected switches from untrusted networks
Deploy intrusion detection/prevention systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the switch firmware version using 'display version' command and verify if it matches the affected version.

Check Version:

display version

Verify Fix Applied:

After patching, run 'display version' to confirm the firmware version has been updated beyond V200R005C00SPC500.

📡 Detection & Monitoring

Log Indicators:

Unexpected service restarts
High CPU/memory usage alerts
Connection drops on affected switches

Network Indicators:

Unusual traffic patterns to switch management interfaces
Specific malformed packets targeting switch services

SIEM Query:

source_ip=* AND dest_ip=[switch_ip] AND (event_type="service_crash" OR event_type="high_resource_usage")

📊 Metadata

CVE ID: CVE-2021-22359

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: May 27, 2021

Last Updated: November 21, 2024

🔗 References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-dos-en Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-02-dos-en Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22359, you might also want to check these: