Multiple vulnerabilities in Huawei USG9500



Published: 2020-01-02
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2019-5273
CVE-2019-5275
CVE-2019-5274
CVE-2019-5272
CWE-ID CWE-119
CWE-122
CWE-835
CWE-354
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
USG9500
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Huawei

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU23860

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5273

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a flaw in the X.509 implementation. A remote attacker can use a specially crafted certificate, trigger memory corruption and cause a denial of service condition on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

USG9500: V500R001C30 - V500R001C60

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-eudemon-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU23862

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5275

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the X.509 implementation. A remote attacker can use a specially crafted certificate, trigger heap-based buffer overflow and cause a denial of service on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

USG9500: V500R001C30 - V500R001C60

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-eudemon-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU23861

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5274

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the X.509 implementation. A remote attacker can use a specially crafted certificate, consume all available system resources and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

USG9500: V500R001C30 - V500R001C60

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-eudemon-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper validation of integrity check value

EUVDB-ID: #VU23859

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5272

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to make malicious modifications.

The vulnerability exists due to the software of the affected products does not check the integrity. A remote authenticated attacker can make malicious modifications without detection.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

USG9500: V500R001C30 - V500R001C60

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-digital-en


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###