Vulnerability Description
Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Ar1200 Firmware | v200r006c10spc300 |
| Huawei | Ar1200 | - |
| Huawei | Ar160 Firmware | v200r006c10spc300 |
| Huawei | Ar160 | - |
| Huawei | Ar200 Firmware | v200r006c10spc300 |
| Huawei | Ar200 | - |
| Huawei | Ar2200 Firmware | v200r006c10spc300 |
| Huawei | Ar2200 | - |
| Huawei | Ar3200 Firmware | v200r006c10spc300 |
| Huawei | Ar3200 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-ar-enVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-ar-enVendor Advisory
FAQ
What is CVE-2018-7920?
CVE-2018-7920 is a vulnerability with a CVSS score of 7.5 (HIGH). Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to...
How severe is CVE-2018-7920?
CVE-2018-7920 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7920?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ar1200 Firmware, Huawei Ar1200, Huawei Ar160 Firmware, Huawei Ar160, Huawei Ar200 Firmware.