CVE-2019-5248 — HIGH (7.4) — White Hats Nepal

Vulnerability Description

CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Cloudengine 12800 Firmware	v200r001c00spc600
Huawei	Cloudengine 12800	-

Related Weaknesses (CWE)

CWE-401

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-dos-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-dos-enVendor Advisory

FAQ

What is CVE-2019-5248?

CVE-2019-5248 is a vulnerability with a CVSS score of 7.4 (HIGH). CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As...

How severe is CVE-2019-5248?

CVE-2019-5248 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5248?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Cloudengine 12800 Firmware, Huawei Cloudengine 12800.