There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.
References
Link | Resource |
---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
31 Dec 2020, 15:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:* cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:* cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:* cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:* cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:* cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:* |
|
CWE | CWE-770 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (CONFIRM) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en - Vendor Advisory |
29 Dec 2020, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-29 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-9124
Mitre link : CVE-2020-9124
CVE.ORG link : CVE-2020-9124
JSON object : View
Products Affected
huawei
- cloudengine_5800_firmware
- cloudengine_12800_firmware
- cloudengine_6800_firmware
- cloudengine_5800
- cloudengine_6800
- cloudengine_7800
- cloudengine_7800_firmware
- cloudengine_12800
CWE
CWE-401
Missing Release of Memory after Effective Lifetime