Skip to main content

Cloudengine 12800 Firmware CVE-2019-5248

HIGH
Memory Leak (CWE-401)
2019-12-13 psirt@huawei.com
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 13, 2019 - 15:15 nvd
HIGH 7.4

DescriptionNVD

CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.

AnalysisAI

CloudEngine 12800 has a DoS vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. Affected products include: Huawei Cloudengine 12800 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.

CVE-2016-6178 CRITICAL
9.8 Aug 02

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007S

CVE-2020-9207 HIGH
7.8 Dec 29

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (C

CVE-2017-8147 HIGH
7.5 Nov 22

AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C

CVE-2021-40008 HIGH
7.5 Dec 13

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEn

CVE-2021-22328 HIGH
7.5 Aug 23

There is a denial of service vulnerability in some huawei products. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2021-22332 HIGH
7.5 Apr 28

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 an

CVE-2021-22393 HIGH
7.5 Apr 28

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and

CVE-2020-9124 HIGH
7.5 Dec 29

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. Rated high severity (CVSS 7.5), thi

CVE-2020-9094 HIGH
7.5 Dec 29

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. Rated high severity (CVSS 7.

CVE-2020-1870 HIGH
7.5 May 29

There is a denial of service vulnerability in some Huawei products. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2020-9137 MEDIUM
6.7 Dec 24

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 an

CVE-2016-8780 MEDIUM
6.5 Apr 02

Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V

Share

CVE-2019-5248 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy