CVSS: 5.5EPSS: 0%CPEs: 261EXPL: 0CVE-2019-5257
https://notcve.org/view.php?id=CVE-2019-5257
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network. Ciertos productos Huawei (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace), tienen una vulnerabilidad de gestión de recursos. Un atacante que inicia sesión en la tarjeta puede enviar mensajes especialmente diseñados desde la red interna. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-17162
https://notcve.org/view.php?id=CVE-2017-17162
Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 tienen una vulnerabilidad de fuga de memoria debido a que la memoria no se libera cuando un atacante local autenticado ejecuta comandos especiales muchas veces. Un atacante podría aprovecharse de esto para provocar una fuga de memoria, lo que podría conducir a excepciones del sistema. • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en • CWE-772: Missing Release of Resource after Effective Lifetime •