Denial of service in Huawei OceanStor 5310 V5
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-1881 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OceanStor 5310 V5 Hardware solutions / Firmware |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource management error
EUVDB-ID: #VU25434
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1881
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management of the function. A remote attacker on the local network can perform specific operations to trigger the function of the affected device and cause service abnormal on affected devices.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOceanStor 5310 V5: V500R007C60SPC100
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
