Page 4 of 28 results (0.004 seconds)

CVSS: 4.4EPSS: 0%CPEs: 13EXPL: 0

CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. CloudEngine 12800 con versiones de V200R001C00SPC600, V200R001C00SPC700, V200R002C01, V200R002C50SPC800, V200R002C50SPC800PWE, V200R003C00SPC810, V200R003C00SPC810PWE, V200R005C00SPC600, V200R005C00SPC800, V200R005C00SPC800PWE, V200R005C10, V200R005C10SPC300, presentan una vulnerabilidad de filtrado de información en algunos productos Huawei. En algunos casos especiales, un atacante autenticado puede explotar esta vulnerabilidad porque el software procesa los datos inapropiadamente. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en •

CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0

There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Existe una vulnerabilidad de algoritmo débil en algunos productos Huawei. Los productos afectados utilizan el algoritmo RSA en el algoritmo de intercambio de claves SSL que se ha considerado como un algoritmo débil. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0

CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. CloudEngine 12800 presenta una vulnerabilidad de DoS. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-dos-en • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.9EPSS: 0%CPEs: 87EXPL: 0

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some fields in the packets, an attacker may exploit the vulnerability to cause the target device to be abnormal. Algunos productos Huawei presentan una comprobación insuficiente de una vulnerabilidad de autenticidad de datos. Un atacante remoto no autenticado tiene que interceptar paquetes específicos entre dos dispositivos, modificar los paquetes y enviar los paquetes modificados hacia el dispositivo peer. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-validation-en • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak. Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10 y V100R006C00 tiene una vulnerabilidad de fuga de memoria. Un atacante no autenticado podría enviar paquetes LDP (Label Distribution Protocol) a los dispositivos repetidamente. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en http://www.securityfocus.com/bid/94941 • CWE-399: Resource Management Errors •