CVE-2018-7994

Summary

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

Affected Software

VendorProductVersion RangeStatus
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500IPS Module V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500NGFW Module V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500V500R002C10affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500NIP6300 V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500NIP6600 V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500NIP6800 V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500Secospace USG6600 V500R001C50affected
Huawei Technologies Co., Ltd.NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500USG9500 V500R001C50affected

Weaknesses

  • memory leak

ADP Enrichment

CVE Program Container

Additional References

References