Page 2 of 56 results (0.003 seconds)

CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10. Se presenta una vulnerabilidad de filtrado de información en algunos productos Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. Se presenta una vulnerabilidad de denegación de servicio en algunos productos Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. Se presenta una vulnerabilidad de denegación de servicio en algunos productos de Huawei. No existe protección contra el escenario de ataque de un protocolo específico. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-dos-en •

CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 0

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. Algunos productos de Huawei presentan una vulnerabilidad de inyección de comandos. Debido a una comprobación insuficiente de la entrada, un atacante con privilegios elevados puede inyectar algunos códigos maliciosos en algunos archivos de los productos afectados. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 443EXPL: 0

The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. El módulo SIP de algunos productos Huawei presenta una vulnerabilidad de denegación de servicio (DoS). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •