Lucene search

[email protected]NVD:CVE-2020-9124

HistoryDec 29, 2020 - 6:15 p.m.

CVE-2020-9124

2020-12-2918:15:13

CWE-401

[email protected]

web.nvd.nist.gov

vulnerability

huawei

cloudengine

memory leak

unauthenticated

remote attacker

exploit

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.8%

JSON

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.

Affected configurations

Nvd

Node

huaweicloudengine_12800_firmwareMatchv200r002c50spc800

huaweicloudengine_12800_firmwareMatchv200r003c00spc810

huaweicloudengine_12800_firmwareMatchv200r005c00spc800

huaweicloudengine_12800_firmwareMatchv200r005c10spc800

AND

huaweicloudengine_12800Match-

Node

huaweicloudengine_5800_firmwareMatchv200r002c50spc800

huaweicloudengine_5800_firmwareMatchv200r003c00spc810

huaweicloudengine_5800_firmwareMatchv200r005c00spc800

huaweicloudengine_5800_firmwareMatchv200r005c10spc800

AND

huaweicloudengine_5800Match-

Node

huaweicloudengine_6800_firmwareMatchv200r002c50spc800

huaweicloudengine_6800_firmwareMatchv200r003c00spc810

huaweicloudengine_6800_firmwareMatchv200r005c00spc800

huaweicloudengine_6800_firmwareMatchv200r005c10spc800

AND

huaweicloudengine_6800Match-

Node

huaweicloudengine_7800_firmwareMatchv200r002c50spc800

huaweicloudengine_7800_firmwareMatchv200r003c00spc810

huaweicloudengine_7800_firmwareMatchv200r005c00spc800

huaweicloudengine_7800_firmwareMatchv200r005c10spc800

AND

huaweicloudengine_7800Match-

VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800-cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_5800-cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	cloudengine_12800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_12800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_12800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_12800	-	cpe:2.3:h:huawei:cloudengine_12800:-:::::::*
huawei	cloudengine_5800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_5800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_5800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:::::::*
huawei	cloudengine_5800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_5800	-	cpe:2.3:h:huawei:cloudengine_5800:-:::::::*

Rows per page:

1-10 of 201

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.8%

JSON

Related for NVD:CVE-2020-9124

cvelist1 openvas1 huawei1 cve1 prion1