Vulnerability CVE-2018-7994
Published: 2018-07-31

Description:
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

Type:

CWE-772

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Huawei -> Ips module 
Huawei -> Ngfw module 
Huawei -> Nip6300 
Huawei -> Nip6600 
Huawei -> Nip6800 
Huawei -> Secospace usg6600 
Huawei -> Usg9500 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en
Copyright 2024, cxsecurity.com

 

Back to Top