Multiple vulnerabilities in some Huawei Products



Published: 2019-12-17
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2019-5258, CVE-2019-5257, CVE-2019-5256, CVE-2019-5255, CVE-2019-5254
CWE-ID: CWE-119, CWE-399, CWE-476, CWE-125
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Huawei AP2000
Hardware solutions / Routers & switches, VoIP, GSM, etc

Huawei IPS Module
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei NIP6300
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei NIP6600
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei NIP6800
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei Secospace AntiDDoS8000
Server applications / IDS/IPS systems, Firewalls and proxy servers

Huawei NGFW Module
Server applications / Other server solutions

Huawei SVN5600
Server applications / Other server solutions

Huawei SVN5800
Server applications / Other server solutions

Huawei SVN5800-C
Server applications / Other server solutions

Huawei S5700
Hardware solutions / Routers for home users

Huawei SeMG9811
Other software / Other software solutions

Huawei Secospace USG6300
Server applications / Server solutions for antivirus protection

Huawei Secospace USG6500
Server applications / Server solutions for antivirus protection

Huawei Secospace USG6600
Server applications / Server solutions for antivirus protection

Huawei USG6000V
Server applications / Remote management servers, RDP, SSH

Huawei eSpace U1981
Server applications / Remote management servers, RDP, SSH

Vendor: Huawei

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU23629

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5258

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to cause the affected board to become abnormal.

The vulnerability exists due to a boundary error when processing a crafted message. A local attacker who logs in to the board can send specially crafted messages from the internal network port or tamper with inter-process message packets, trigger memory corruption and cause the affected board to become abnormal.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU23628

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5257

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of system resources. A local attacker who logs in to the board can send specially crafted messages from the internal network port or tamper with inter-process message packets and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU23627

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5256

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local attacker can send specially crafted parameters and cause a denial of service condition and a process reboot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU23626

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5255

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of the message. A remote attacker can send specially crafted messages from an FTP client, trigger an out-of-bounds read error and cause a denial of service condition on the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU23625

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5254

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause the affected board to become abnormal.

The vulnerability exists due to insufficient validation of the message. A local attacker who logs in to the board can send specially crafted messages from the internal network port or tamper with inter-process message packets, trigger an out-of-bounds read error and cause the affected board to become abnormal.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


