Memory leak in Huawei Hardware solutions

#VU22275 Memory leak in Huawei Hardware solutions

Published: 2019-10-24

Vulnerability identifier: #VU22275

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5293

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vendor: Huawei

Description
The vulnerability allows a remote attacker to cause some abnormal service.

The vulnerability exists due memory leak when handling some messages. A remote attacker with operation privilege can send specific messages continuously and cause some service abnormal.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei SRG3300: V200R005C20 - V200R006C10

Huawei SRG2300: V200R005C20 - V200R006C10

Huawei SRG1300: V200R005C20 - V200R006C10

Huawei NetEngine16EX: V200R005C20 - V200R006C10

Huawei AR3600: V200R005C20 - V200R006C10

Huawei AR3200: V200R005C20 - V200R006C10

Huawei AR2200-S: V200R005C20 - V200R006C10

Huawei AR2200: V200R005C20 - V200R006C10

Huawei AR200-S: V200R005C20 - V200R006C10

Huawei AR200: V200R005C20 - V200R006C10

Huawei AR160: V200R005C20 - V200R006C10

Huawei AR150-S: V200R005C20 - V200R006C10

Huawei AR150: V200R005C20 - V200R006C10

Huawei AR1200-S: V200R005C20 - V200R006C10

Huawei AR1200: V200R005C20 - V200R006C10

Huawei AR120-S: V200R005C20 - V200R006C10

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-memory-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Memory leak in multiple Huawei products