#VU23898 Buffer overflow in Huawei products - CVE-2019-5304
Published: January 3, 2020
Vulnerability identifier: #VU23898
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5304
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Huawei AR120-S
Huawei AR1200
Huawei AR1200-S
Huawei AR150
Huawei AR150-S
Huawei AR160
Huawei AR200
Huawei AR200-S
Huawei AR2200
Huawei AR2200-S
Huawei AR3200
Huawei AR3600
Huawei NetEngine16EX
Huawei S6700
Huawei SRG1300
Huawei SRG2300
Huawei SRG3300
Huawei IPS Module
Huawei NIP6300
Huawei NIP6600
Huawei Secospace AntiDDoS8000
Huawei NGFW Module
Huawei S5700
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
Software vendor:
Huawei
Description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to insufficient input validation of some parameters in the messages. A remote attacker can send a specific MPLS Echo Request message to trigger memory corruption and cause the device to reset.
Remediation
Install updates from the vendor's website.