TR-21-0534 (Huawei Güvenlik Zafiyeti)

Genel Bilgi

Bazı Huawei akıllı telefon ürünlerinde Integer Overflow ve Bilgi İfşası güvenlik zafiyeti tespit edilmiştir.

Etki

Zafiyet nedeniyle saldırganların saldırı düzenleyerek düzgün çalışan servisleri etkilemeleri ihtimal dahilindedir. Zafiyetlerin CVE kodları aşağıdaki gibidir:

CVE-2021-22323, CVE-2021-22369, CVE-2021-22371, CVE-2021-22373, CVE-2021-22374, CVE-2021-22370, CVE-2021-22326, CVE-2021-22368, CVE-2021-22367, CVE-2021-22354, CVE-2021-22353, CVE-2021-22346, CVE-2021-22348, CVE-2021-22349, CVE-2021-22350, CVE-2021-22351 ve CVE-2021-22352

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine zafiyet için yayınlanan güvenlik öneri sayfalarını incelemelerini ve ilgili güvenlik tedbirlerini almalarını tavsiye etmektedir.

Kaynaklar

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22323

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22369

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22371

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22373

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22374

https://www.security-database.com/detail.php?alert=CVE-2021-22369&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Last100Alerts+%28Security-Database+Alerts+Monitor+%3A+Last+100+Alerts%29

https://www.security-database.com/detail.php?alert=CVE-2021-22323&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Last100Alerts+%28Security-Database+Alerts+Monitor+%3A+Last+100+Alerts%29

https://www.security-database.com/detail.php?alert=CVE-2021-22370&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Last100Alerts+%28Security-Database+Alerts+Monitor+%3A+Last+100+Alerts%29

https://www.security-database.com/detail.php?alert=CVE-2021-22326&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Last100Alerts+%28Security-Database+Alerts+Monitor+%3A+Last+100+Alerts%29

https://infosec.cert-pa.it/cve-2021-22374.html

2021-07-01