SB2020010202 - Multiple vulnerabilities in Huawei USG9500

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2019-5273)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a flaw in the X.509 implementation. A remote attacker can use a specially crafted certificate, trigger memory corruption and cause a denial of service condition on the target system.

2) Heap-based buffer overflow (CVE-ID: CVE-2019-5275)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the X.509 implementation. A remote attacker can use a specially crafted certificate, trigger heap-based buffer overflow and cause a denial of service on the target system.

3) Infinite loop (CVE-ID: CVE-2019-5274)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the X.509 implementation. A remote attacker can use a specially crafted certificate, consume all available system resources and cause a denial of service condition on the target system.

4) Improper validation of integrity check value (CVE-ID: CVE-2019-5272)

The vulnerability allows a remote attacker to make malicious modifications.

The vulnerability exists due to the software of the affected products does not check the integrity. A remote authenticated attacker can make malicious modifications without detection.

Remediation

Install update from vendor's website.

References

• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-eudemon-en
• https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-digital-en