CVE-2018-7994 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Ips Module	v500r001c50
Huawei	Ngfw Module	v500r001c50
Huawei	Nip6300	v500r001c50
Huawei	Nip6600	v500r001c50
Huawei	Nip6800	v500r001c50
Huawei	Secospace Usg6600	v500r001c50
Huawei	Usg9500	v500r001c50

Related Weaknesses (CWE)

CWE-772

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewalVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewalVendor Advisory

FAQ

What is CVE-2018-7994?

CVE-2018-7994 is a vulnerability with a CVSS score of 7.5 (HIGH). Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 hav...

How severe is CVE-2018-7994?

CVE-2018-7994 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7994?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ips Module, Huawei Ngfw Module, Huawei Nip6300, Huawei Nip6600, Huawei Nip6800.