Lucene search

Huawei TechnologiesHUAWEI-SA-20141224-01-USG

HistoryDec 24, 2014 - 12:00 a.m.

Security Advisory-Memory Leak Vulnerability on USG products

2014-12-2400:00:00

Huawei Technologies

www.huawei.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

62.0%

JSON

The HUAWEI USG9560/9520/9580 is a high-end 10-Gigabit Firewall. The USG9560/9520/9580 applies to Internet backbone networks, IP dedicated backbone networks, IP metropolitan area networks (MANs), Internet data center (IDC) egress. This security gateway provides multiple powerful and all-round security solutions with great flexibility.

An attacker can request a special web page to cause the memory leak of the MPU. When the memory is exhausted, the MPU restarts and active/standby main processing unit (MPU) switchover is triggered. (Vulnerability ID: HWPSIRT-2014-1223)

This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9697.

Currently, official fixes are available.

Affected configurations

Vulners

Node

huaweiusg9560_firmwareMatchv300r001c00

huawei9520_firmwareMatchv300r001c00

huawei9580_firmwareMatchv300r001c00

huaweiusg9560_firmwareMatchv300r001c01spc100

huawei9520_firmwareMatchv300r001c01spc100

huawei9580_firmwareMatchv300r001c01spc100

VendorProductVersionCPE
huaweiusg9560_firmwarev300r001c00cpe:2.3:o:huawei:usg9560_firmware:v300r001c00:*:*:*:*:*:*:*
huawei9520_firmwarev300r001c00cpe:2.3:a:huawei:9520_firmware:v300r001c00:*:*:*:*:*:*:*
huawei9580_firmwarev300r001c00cpe:2.3:a:huawei:9580_firmware:v300r001c00:*:*:*:*:*:*:*
huaweiusg9560_firmwarev300r001c01spc100cpe:2.3:o:huawei:usg9560_firmware:v300r001c01spc100:*:*:*:*:*:*:*
huawei9520_firmwarev300r001c01spc100cpe:2.3:a:huawei:9520_firmware:v300r001c01spc100:*:*:*:*:*:*:*
huawei9580_firmwarev300r001c01spc100cpe:2.3:a:huawei:9580_firmware:v300r001c01spc100:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	usg9560_firmware	v300r001c00	cpe:2.3:o:huawei:usg9560_firmware:v300r001c00:::::::*
huawei	9520_firmware	v300r001c00	cpe:2.3:a:huawei:9520_firmware:v300r001c00:::::::*
huawei	9580_firmware	v300r001c00	cpe:2.3:a:huawei:9580_firmware:v300r001c00:::::::*
huawei	usg9560_firmware	v300r001c01spc100	cpe:2.3:o:huawei:usg9560_firmware:v300r001c01spc100:::::::*
huawei	9520_firmware	v300r001c01spc100	cpe:2.3:a:huawei:9520_firmware:v300r001c01spc100:::::::*
huawei	9580_firmware	v300r001c01spc100	cpe:2.3:a:huawei:9580_firmware:v300r001c01spc100:::::::*

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

62.0%

JSON

Related for HUAWEI-SA-20141224-01-USG