Denial of service in Huawei ManageOne



Published: 2019-11-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-5289
CWE-ID: CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: ManageOne (Other software / Other software solutions)
Vendor: Huawei

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU22790

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5289

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Gauss100 OLTP database. A remote attacker can construct invalid packets to attack the active and standby communication channels, trigger memory corruption and crash the database on the standby node.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ManageOne: 6.5.0


External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


