Memory Leak Vulnerability in Huawei Products
CVE-2019-5293

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Ar120-s, Ar1200, Ar1200-s, Ar150, Ar150-s, Ar160, Ar200, Ar200-s, Ar2200, Ar2200-s, Ar3200, Ar3600, Netengine16ex, Srg1300, Srg2300, Srg3300
Vendor: CVE Published:; 13 November 2019

Summary

Certain Huawei devices are susceptible to a memory leak vulnerability that occurs when handling specific types of messages. An attacker with operational privileges could exploit this flaw by sending a series of crafted messages, leading to abnormal service behavior. This could potentially disrupt normal operations of affected Huawei products, undermining network stability and availability.

Affected Version(s)

AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, NetEngine16EX, SRG1300, SRG2300, SRG3300 AR120-S V200R005C20, V200R006C10, AR1200 V200R005C20, V200R006C10, AR1200-S V200R005C20, V200R006C10, AR150 V200R005C20, V200R006C10, AR150-S V200R005C20, V200R006C10, AR160 V200R005C20, V200R006C10, AR200 V200R005C20, V200R006C10, AR200-S V200R005C20, V200R006C10, AR2200 V200R005C20, V200R006C10, AR2200-S V200R005C20, V200R006C10, AR3200 V200R005C20, V200R006C10, AR3600 V200R006C10, NetEngine16EX V200R005C20, V200R006C10, SRG1300 V200R005C20, V200R006C10, SRG2300 V200R005C20, V200R006C10, SRG3300 V200R005C20, V200R006C10

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jan 4, 2019