#VU23626 Out-of-bounds read in Huawei Server applications


Published: 2019-12-17

Vulnerability identifier: #VU23626

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5255

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Huawei AP2000
Hardware solutions / Routers & switches, VoIP, GSM, etc
Huawei IPS Module
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei NIP6300
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei NIP6600
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei NIP6800
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei Secospace AntiDDoS8000
Server applications / IDS/IPS systems, Firewalls and proxy servers
Huawei NGFW Module
Server applications / Other server solutions
Huawei SVN5600
Server applications / Other server solutions
Huawei SVN5800
Server applications / Other server solutions
Huawei SVN5800-C
Server applications / Other server solutions
Huawei S5700
Hardware solutions / Routers for home users
Huawei SeMG9811
Other software / Other software solutions
Huawei Secospace USG6300
Server applications / Server solutions for antivurus protection
Huawei Secospace USG6500
Server applications / Server solutions for antivurus protection
Huawei Secospace USG6600
Server applications / Server solutions for antivurus protection
Huawei USG6000V
Server applications / Remote management servers, RDP, SSH
Huawei eSpace U1981
Server applications / Remote management servers, RDP, SSH

Vendor: Huawei

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of the message. A remote attacker can send specially crafted messages from a FTP client, trigger out-of-bounds read error and cause a denial of service condition on the target device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Huawei AP2000: V200R005C30 - V200R009C00

Huawei IPS Module: V500R001C00SPC300 - V500R005C00

Huawei NGFW Module: V500R001C00SPC300 - V500R005C00

Huawei NIP6300: V500R001C00SPC300 - V500R005C00

Huawei NIP6600: V500R001C00SPC300 - V500R005C00

Huawei NIP6800: V500R001C50 - V500R005C00

Huawei S5700: V200R005C03

Huawei SVN5600: V200R003C00SPC100

Huawei SVN5800: V200R003C00SPC100

Huawei SVN5800-C: V200R003C00SPC100

Huawei SeMG9811: V500R002C20 - V500R005C00

Huawei Secospace AntiDDoS8000: V500R001C00 - V500R005C00SPC100

Huawei Secospace USG6300: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6500: V100R001C20SPC100 - V500R005C00

Huawei Secospace USG6600: V100R001C00SPC200 - V500R005C00SPC102

Huawei USG6000V: V500R001C10 - V500R005C00SPC100

Huawei eSpace U1981: V200R003C50SPC700

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in some Huawei Products