Out-of-Bounds Read Vulnerability in Huawei Network Devices
CVE-2019-5254

8.6HIGH

Key Information:

Vendor
Huawei
Status
Ap2000;ips Module;ngfw Module;nip6300;nip6600;nip6800;s5700;svn5600;svn5800;svn5800-c;semg9811;secospace Antiddos8000;secospace Usg6300;secospace Usg6500;secospace Usg6600;usg6000v;espace U1981
Vendor
CVE Published:
13 December 2019

Summary

Certain Huawei network devices have a vulnerability that allows for out-of-bounds reads under specific conditions. An attacker with access to the internal network can send crafted messages or manipulate inter-process message packets to exploit this flaw. This issue arises from insufficient validation of incoming messages, which can lead to abnormal behavior in the affected devices, disrupting normal operations and posing a risk to the security and integrity of the network.

Affected Version(s)

AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 V200R005C30

AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 V200R006C10

AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 V200R006C20

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.