CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-9094
https://notcve.org/view.php?id=CVE-2020-9094
29 Dec 2020 — There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. Se presenta una vulnerabilidad de lectura fuera de límites en algunas versiones del producto Huawei CloudEngine. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-9124
https://notcve.org/view.php?id=CVE-2020-9124
29 Dec 2020 — There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. Se presenta una vulnerabilidad de pérdida de memoria en algunas versiones del producto Huawei CloudEngine. Un atacante remoto no autenticado puede explotar esta vulnerabilidad mediante el envío de un mensaje es... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.7EPSS: 0%CPEs: 29EXPL: 0CVE-2020-9137
https://notcve.org/view.php?id=CVE-2020-9137
24 Dec 2020 — There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. Se presenta una vulnerabilidad de escalada de privilegios en algunas versiones de CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 y CloudEngine 7800. Debido a una comprob... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 25EXPL: 0CVE-2020-9102
https://notcve.org/view.php?id=CVE-2020-9102
17 Jul 2020 — There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1870
https://notcve.org/view.php?id=CVE-2020-1870
29 May 2020 — There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.4EPSS: 0%CPEs: 13EXPL: 0CVE-2020-1861
https://notcve.org/view.php?id=CVE-2020-1861
28 Feb 2020 — CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. CloudEngine ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0CVE-2020-1810
https://notcve.org/view.php?id=CVE-2020-1810
09 Jan 2020 — There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Existe una vulnerabilidad de algoritmo débil en algunos productos Huawei. Los productos afectados utilizan el algoritmo RSA en el algoritmo de intercambio de claves SSL que se ha considerado como un algoritmo débil. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5248
https://notcve.org/view.php?id=CVE-2019-5248
13 Dec 2019 — CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. CloudEngine 12800 presenta una vulnerabilidad de DoS. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-dos-en • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 87EXPL: 0CVE-2019-5291
https://notcve.org/view.php?id=CVE-2019-5291
13 Dec 2019 — Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal. Algunos productos Huawei presentan una comprobación insuficiente de una vulnerabilidad de autenticidad de datos.... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-8782
https://notcve.org/view.php?id=CVE-2016-8782
09 Mar 2018 — Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10 y V100R006C00 tiene una vulnerabilidad de fuga de m... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en • CWE-399: Resource Management Errors •