Security Advisory - Memory Leak Vulnerability in Several Huawei Products

2016-06-1500:00:00

Huawei Technologies

www.huawei.com

JSON

There is a vulnerability in several Huawei devices: USG series, NGFW module, IPS module, NIP series and AntiDDoS8000.

A memory leak vulnerability exists in these products. In hot standby networking where two devices are not directly connected, an attacker can craft a malformed packet, which exhausts the device’s memory resources and causes device reboot. (Vulnerability ID: HWPSIRT-2016-04004)

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-standby-en

Affected configurations

Vulners

Node

huaweiips_moduleMatchv500r001c00

huaweingfw_moduleMatchv500r001c00

huaweinip6300Matchv500r001c00

huaweinip6600Matchv500r001c00

huaweisecospace_usg6300Matchv500r001c00

huaweisecospace_usg6500Matchv500r001c00

huaweisecospace_usg6600Matchv500r001c00

huaweiusg9500Matchv500r001c00

huaweisecospace_antiddos8000Matchv500r001c00

CPENameOperatorVersion
ips moduleeqV500R001C00
ngfw moduleeqV500R001C00
nip6300eqV500R001C00
nip6600eqV500R001C00
secospace usg6300eqV500R001C00
secospace usg6500eqV500R001C00
secospace usg6600eqV500R001C00
usg9500eqV500R001C00
secospace antiddos8000eqV500R001C00

Name	Operator	Version
ips module	eq	V500R001C00
ngfw module	eq	V500R001C00
nip6300	eq	V500R001C00
nip6600	eq	V500R001C00
secospace usg6300	eq	V500R001C00
secospace usg6500	eq	V500R001C00
secospace usg6600	eq	V500R001C00
usg9500	eq	V500R001C00
secospace antiddos8000	eq	V500R001C00

JSON