Vulnerability identifier: #VU25434
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Huawei NIP6800
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Huawei Secospace USG6600
Server applications /
Server solutions for antivurus protection
USG9500
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Huawei
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management of the function. A remote attacker on the local network can perform specific operations to trigger the function of the affected device and cause service abnormal on affected devices.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Huawei NIP6800: V500R001C30
Huawei Secospace USG6600: V500R001C30SPC200 - V500R001C30SPC600
USG9500: V500R001C30SPC200 - V500R001C30SPC600
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-resource-en
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.