Page 2 of 10 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. Se presenta una vulnerabilidad de autenticación inapropiada en algunas versiones del producto Huawei CloudEngine. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. Se presenta una vulnerabilidad de lectura fuera de límites en algunas versiones del producto Huawei CloudEngine. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-obr-en • CWE-125: Out-of-bounds Read •

CVSS: 6.7EPSS: 0%CPEs: 29EXPL: 0

There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. Se presenta una vulnerabilidad de escalada de privilegios en algunas versiones de CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 y CloudEngine 7800. Debido a una comprobación insuficiente de la entrada, un atacante local con privilegios elevados puede ejecutar algunos scripts especialmente diseñados en los productos afectados. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en • CWE-20: Improper Input Validation •

CVSS: 3.3EPSS: 0%CPEs: 25EXPL: 0

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800 Se presenta una vulnerabilidad de filtrado de información en algunos productos de Huawei, y podría permitir a un atacante local obtener información. La vulnerabilidad es debido a una administración inapropiada del nombre de usuario. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-dos-en • CWE-772: Missing Release of Resource after Effective Lifetime •