CVE-2021-22393

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability exists in Huawei CloudEngine switches where attackers can send specific messages to exhaust system resources. This affects CloudEngine 5800, 6800, 7800, and 12800 series switches running vulnerable software versions. Successful exploitation disrupts normal network services.

💻 Affected Systems

Products:
  • CloudEngine 5800
  • CloudEngine 6800
  • CloudEngine 7800
  • CloudEngine 12800
Versions: Specific versions are not detailed in this summary; check the Huawei advisory for the exact affected versions
Operating Systems: Huawei VRP (Versatile Routing Platform)
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable. The vulnerability stems from a module design weakness in handling specific messages.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of affected switches, causing network outages for connected systems and services.

🟠 Likely Case

Degraded switch performance leading to packet loss, latency, and intermittent connectivity issues.

🟢 If Mitigated

Minimal impact with proper network segmentation and traffic filtering in place.

🌐 Internet-Facing: HIGH if switches have management interfaces exposed to untrusted networks.
🏢 Internal Only: MEDIUM as internal attackers or compromised systems could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a large number of the specific messages to trigger the DoS condition; no authentication is required to send them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security advisory for specific patched versions

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en

Restart Required: Yes

Instructions:

1. Review Huawei security advisory SA-20210324-01.
2. Identify affected switch models and versions.
3. Download the appropriate firmware updates from the Huawei support portal.
4. Apply the updates following Huawei's upgrade procedures.
5. Reboot the switches to activate the patched firmware.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to switch management interfaces using ACLs to prevent unauthorized message traffic

# Example ACL to restrict management access
# acl number 3000
# rule 5 permit ip source 10.0.0.0 0.255.255.255
# rule 10 deny ip

Traffic Rate Limiting

all

Implement rate limiting on switch interfaces to prevent flood attacks

# Example traffic policing configuration
# traffic classifier attack
# if-match any
# traffic behavior attack
# car cir 1000
# traffic policy attack
# classifier attack behavior attack
# interface GigabitEthernet0/0/1
# traffic-policy attack inbound

🧯 If You Can't Patch

  • Isolate affected switches in separate VLANs with strict access controls
  • Implement network monitoring to detect and alert on unusual message patterns

🔍 How to Verify

Check if Vulnerable:

Check switch version using 'display version' command and compare against Huawei's affected version list in advisory SA-20210324-01

Check Version:

display version

Verify Fix Applied:

After patching, confirm with the 'display version' command that the running firmware version matches a patched version listed in the Huawei advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual increase in error messages
  • System resource exhaustion alerts
  • Interface flapping or instability logs

Network Indicators:

  • Sudden increase in specific message types to switch management interfaces
  • Unusual traffic patterns to switch control plane

SIEM Query:

source="switch_logs" AND (message="resource exhaustion" OR message="system busy" OR message="packet drop")
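The SIEM query above matches single indicator strings; the "sudden increase" the Network Indicators describe needs a rate check. The following is an added example, not part of the original card, that scans constructed syslog-style lines (hostnames, timestamps and message texts are made up, not real VRP output) for the listed indicators and raises an alert when several hits from one switch fall inside a short window:

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Indicator substrings taken from the card's Log Indicators and SIEM query
# (matched case-insensitively against the message text).
INDICATORS = ("resource exhaustion", "system busy", "packet drop", "interface flapping")

# Constructed sample lines: "<ISO timestamp> <host> <message>". Not real switch logs.
SAMPLE_LOGS = """\
2021-03-24T10:00:01 ce-sw-1 Interface 10GE1/0/1 changed state to up
2021-03-24T10:00:05 ce-sw-1 System busy, CPU usage 92%
2021-03-24T10:00:07 ce-sw-1 Resource exhaustion: session table full
2021-03-24T10:00:09 ce-sw-1 Packet drop on control-plane queue
2021-03-24T10:00:12 ce-sw-1 System busy, CPU usage 97%
2021-03-24T10:45:00 ce-sw-2 System busy, CPU usage 81%
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")

def matched_indicator(msg):
    """Return the first indicator substring found in msg, or None."""
    low = msg.lower()
    return next((ind for ind in INDICATORS if ind in low), None)

def detect_bursts(lines, window=timedelta(seconds=60), threshold=3):
    """Return (host, first_hit_ts, count) once per burst: the moment `threshold`
    indicator hits from the same host fall within `window`. Isolated hits, such
    as a single 'system busy' line, do not alert."""
    recent = {}   # host -> deque of timestamps of indicator hits still in the window
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or matched_indicator(m["msg"]) is None:
            continue
        ts = datetime.fromisoformat(m["ts"])
        hits = recent.setdefault(m["host"], deque())
        hits.append(ts)
        while hits and ts - hits[0] > window:   # drop hits that aged out
            hits.popleft()
        if len(hits) == threshold:               # fire once when the window fills
            alerts.append((m["host"], hits[0], len(hits)))
    return alerts

if __name__ == "__main__":
    for host, first, count in detect_bursts(SAMPLE_LOGS):
        print(f"ALERT {host}: {count} indicator hits within 60s starting {first.isoformat()}")
```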

🔗 References
