CVE-2020-9099
https://notcve.org/view.php?id=CVE-2020-9099
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. Los productos Huawei IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 con versiones de V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30, presenta una vulnerabilidad de autenticación inapropiada. Los atacantes necesitan llevar a cabo algunas operaciones para explotar la vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200506-02-authentication-en • CWE-287: Improper Authentication •
CVE-2019-5304
https://notcve.org/view.php?id=CVE-2019-5304
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. Algunos productos de Huawei tienen una vulnerabilidad de error de búfer. Un atacante remoto no identificado podría enviar mensajes MPLS Echo Request específicos hacia los productos de destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-5254
https://notcve.org/view.php?id=CVE-2019-5254
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal. Ciertos productos de Huawei (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981), tienen una vulnerabilidad de lectura fuera de límites. Un atacante que inicie sesión en la tarjeta puede enviar mensajes especialmente diseñados desde el puerto de red interno o manipular los paquetes de mensajes entre procesos para explotar esta vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en • CWE-125: Out-of-bounds Read •
CVE-2019-5255
https://notcve.org/view.php?id=CVE-2019-5255
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted messages from a FTP client to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the system out-of-bounds read and result in a denial of service condition of the affected service. Ciertos productos de Huawei (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981), tienen una vulnerabilidad de DoS. Un atacante puede enviar mensajes especialmente diseñados desde un cliente FTP para explotar esta vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en • CWE-125: Out-of-bounds Read •
CVE-2019-5256
https://notcve.org/view.php?id=CVE-2019-5256
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system dereferences a pointer that it expects to be valid, but is NULL. A local attacker could exploit this vulnerability by sending crafted parameters. A successful exploit could cause a denial of service and the process reboot. Ciertos productos de Huawei (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981), tienen una vulnerabilidad de desreferencia del puntero. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-ssp-en • CWE-476: NULL Pointer Dereference •