fkie_cve-2020-9124
Vulnerability from fkie_nvd
Published
2020-12-29 18:15
Modified
2024-11-21 05:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-enVendor Advisory
Impacted products
Vendor Product Version
huawei cloudengine_12800_firmware v200r002c50spc800
huawei cloudengine_12800_firmware v200r003c00spc810
huawei cloudengine_12800_firmware v200r005c00spc800
huawei cloudengine_12800_firmware v200r005c10spc800
huawei cloudengine_12800 -
huawei cloudengine_5800_firmware v200r002c50spc800
huawei cloudengine_5800_firmware v200r003c00spc810
huawei cloudengine_5800_firmware v200r005c00spc800
huawei cloudengine_5800_firmware v200r005c10spc800
huawei cloudengine_5800 -
huawei cloudengine_6800_firmware v200r002c50spc800
huawei cloudengine_6800_firmware v200r003c00spc810
huawei cloudengine_6800_firmware v200r005c00spc800
huawei cloudengine_6800_firmware v200r005c10spc800
huawei cloudengine_6800 -
huawei cloudengine_7800_firmware v200r002c50spc800
huawei cloudengine_7800_firmware v200r003c00spc810
huawei cloudengine_7800_firmware v200r005c00spc800
huawei cloudengine_7800_firmware v200r005c10spc800
huawei cloudengine_7800 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
              "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de p\u00e9rdida de memoria en algunas versiones del producto Huawei CloudEngine.\u0026#xa0;Un atacante remoto no autenticado puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al producto afectado.\u0026#xa0;Debido a que no se libera la memoria asignada apropiadamente, una explotaci\u00f3n con \u00e9xito puede causar p\u00e9rdida de memoria"
    }
  ],
  "id": "CVE-2020-9124",
  "lastModified": "2024-11-21T05:40:05.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-29T18:15:13.230",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.