Lucene search

Huawei TechnologiesHUAWEI-SA-20201223-01-CLOUDENGINE

HistoryDec 23, 2020 - 12:00 a.m.

Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product

2020-12-2300:00:00

Huawei Technologies

www.huawei.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

There is a memory leak vulnerability in Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. (Vulnerability ID: HWPSIRT-2020-43227)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9124.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en>

Affected configurations

Vulners

Node

huaweicloudengine_1800vMatchv200r002c50spc800

huaweicloudengine_1800vMatchv200r003c00spc810

huaweicloudengine_1800vMatchv200r005c00spc800

huaweicloudengine_1800vMatchv200r005c10spc800

huaweicloudengine_5800Matchv200r002c50spc800

huaweicloudengine_5800Matchv200r003c00spc810

huaweicloudengine_5800Matchv200r005c00spc800

huaweicloudengine_5800Matchv200r005c10spc800

huawei6800Matchv200r002c50spc800

huawei6800Matchv200r003c00spc810

huawei6800Matchv200r005c00spc800

huawei6800Matchv200r005c10spc800

huaweicloudengine_1800vMatchv200r002c50spc800

huaweicloudengine_1800vMatchv200r003c00spc810

huaweicloudengine_1800vMatchv200r005c00spc800

huaweicloudengine_1800vMatchv200r005c10spc800

CPENameOperatorVersion
cloudengine 12800eqV200R002C50SPC800
cloudengine 12800eqV200R003C00SPC810
cloudengine 12800eqV200R005C00SPC800
cloudengine 12800eqV200R005C10SPC800
cloudengine 5800eqV200R002C50SPC800
cloudengine 5800eqV200R003C00SPC810
cloudengine 5800eqV200R005C00SPC800
cloudengine 5800eqV200R005C10SPC800
cloudengine 6800eqV200R002C50SPC800
cloudengine 6800eqV200R003C00SPC810

Name	Operator	Version
cloudengine 12800	eq	V200R002C50SPC800
cloudengine 12800	eq	V200R003C00SPC810
cloudengine 12800	eq	V200R005C00SPC800
cloudengine 12800	eq	V200R005C10SPC800
cloudengine 5800	eq	V200R002C50SPC800
cloudengine 5800	eq	V200R003C00SPC810
cloudengine 5800	eq	V200R005C00SPC800
cloudengine 5800	eq	V200R005C10SPC800
cloudengine 6800	eq	V200R002C50SPC800
cloudengine 6800	eq	V200R003C00SPC810

Rows per page:

1-10 of 161

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for HUAWEI-SA-20201223-01-CLOUDENGINE