Sign-up

ID

VAR-201807-2069


CVE

CVE-2018-7994


TITLE

plural Huawei Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008886

DESCRIPTION

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiIPSModule and other products are products of China Huawei. HuaweiIPSModule is an IPS security device. NGFWModule is a firewall device. The NIP6300 and so on are the next generation intrusion prevention systems. Successful exploitation of this vulnerability can cause the system to run out of memory and then restart. The following products and versions are affected: Huawei IPS Module V500R001C50 Version; NGFW Module V500R001C50 Version, V500R002C10 Version; NIP6300 V500R001C50 Version; NIP6600 V500R001C50 Version; NIP6800 V500R001C50 Version; Secospace USG6600 V500R001C50 Version; USG9500 V500R001C50 Version

Trust: 2.25

sources: NVD: CVE-2018-7994 // JVNDB: JVNDB-2018-008886 // CNVD: CNVD-2018-12787 // VULHUB: VHN-138026

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12787

AFFECTED PRODUCTS

vendor:huaweimodel:ips modulescope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:ngfw modulescope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:ngfw modulescope:eqversion:v500r002c10

Trust: 2.4

vendor:huaweimodel:nip6300scope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:nip6600scope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:nip6800scope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:usg9500scope:eqversion:v500r001c50

Trust: 2.4

vendor:huaweimodel:ips module v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r002c10scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6300 v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6600 v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:nip6800 v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:usg9500 v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600 v500r001c50scope: - version: -

Trust: 0.6

vendor:huaweimodel:ngfw module v500r001c50scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12787 // JVNDB: JVNDB-2018-008886 // CNNVD: CNNVD-201807-2008 // NVD: CVE-2018-7994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7994
value: HIGH

Trust: 1.0

NVD: CVE-2018-7994
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12787
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-2008
value: HIGH

Trust: 0.6

VULHUB: VHN-138026
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7994
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12787
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-138026
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7994
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12787 // VULHUB: VHN-138026 // JVNDB: JVNDB-2018-008886 // CNNVD: CNNVD-201807-2008 // NVD: CVE-2018-7994

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-138026 // JVNDB: JVNDB-2018-008886 // NVD: CVE-2018-7994

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-2008

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-2008

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008886

PATCH
title:huawei-sa-20180704-01-firewallurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en
Trust: 0.8
title:Patches for various Huawei product memory leak vulnerabilities (CNVD-2018-12787)url:https://www.cnvd.org.cn/patchInfo/show/133909
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82735
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12787 // 
            
            
            
            JVNDB: JVNDB-2018-008886 // 
            
            
            
            CNNVD: CNNVD-201807-2008

EXTERNAL IDS
db:NVDid:CVE-2018-7994
Trust: 3.1
db:JVNDBid:JVNDB-2018-008886
Trust: 0.8
db:CNNVDid:CNNVD-201807-2008
Trust: 0.7
db:CNVDid:CNVD-2018-12787
Trust: 0.6
db:VULHUBid:VHN-138026
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12787 // 
            
            
            
            VULHUB: VHN-138026 // 
            
            
            
            JVNDB: JVNDB-2018-008886 // 
            
            
            
            CNNVD: CNNVD-201807-2008 // 
            
            
            
            NVD: CVE-2018-7994

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7994
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7994
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180704-01-firewall-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12787 // 
            
            
            
            VULHUB: VHN-138026 // 
            
            
            
            JVNDB: JVNDB-2018-008886 // 
            
            
            
            CNNVD: CNNVD-201807-2008 // 
            
            
            
            NVD: CVE-2018-7994

SOURCES
db:CNVDid:CNVD-2018-12787
db:VULHUBid:VHN-138026
db:JVNDBid:JVNDB-2018-008886
db:CNNVDid:CNNVD-201807-2008
db:NVDid:CVE-2018-7994

LAST UPDATE DATE
2024-11-23T22:00:21.448000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12787date:2018-07-10T00:00:00
db:VULHUBid:VHN-138026date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008886date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201807-2008date:2019-10-23T00:00:00
db:NVDid:CVE-2018-7994date:2024-11-21T04:13:02.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12787date:2018-07-10T00:00:00
db:VULHUBid:VHN-138026date:2018-07-31T00:00:00
db:JVNDBid:JVNDB-2018-008886date:2018-10-31T00:00:00
db:CNNVDid:CNNVD-201807-2008date:2018-08-01T00:00:00
db:NVDid:CVE-2018-7994date:2018-07-31T14:29:01.167