CVE-2018-7994

CWE-7724 documents4 sources
Severity
7.5HIGH
EPSS
0.3%
top 48.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Huawei IPS ModuleHuawei Ngfw ModuleHuawei Nip6300+4 more
Timeline
PublishedJul 31
Latest updateMay 13

Description

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

NVDhuawei/ngfw_modulev500r001c50, v500r002c10+1
NVDhuawei/ips_modulev500r001c50
NVDhuawei/secospace_usg6600v500r001c50
NVDhuawei/nip6300v500r001c50
NVDhuawei/nip6600v500r001c50

🔴Vulnerability Details

2
GHSA
GHSA-jfrw-3j8q-2c86: Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Seco2022-05-13
CVEList
CVE-2018-7994: Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Seco2018-07-31
CVE-2018-7994 (HIGH CVSS 7.5) | Some Huawei products IPS Module V50 | cvebase.io