5 results (0.008 seconds)

CVSS: 4.3EPSS: 3%CPEs: 7EXPL: 0

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. El dispositivo USG9500 de HUAWEI con versiones de V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200, presentan una vulnerabilidad de filtrado de información. Debido a un procesamiento inapropiado del vector de inicialización usado en un algoritmo de cifrado específico, un atacante que consigue acceso a esta primitiva criptográfica puede explotar esta vulnerabilidad para causar que el valor de la confidencialidad asociada con su uso sea disminuido. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en • CWE-665: Improper Initialization •

CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could cause information disclosure or damage, and impact the confidentiality or integrity. USG9500 con software de versiones V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200, tiene una vulnerabilidad de administración de credenciales inapropiada. El software no administra apropiadamente determinadas credenciales. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-credential-en •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 tienen una vulnerabilidad de fuga de memoria debido a que la memoria no se libera cuando un atacante local autenticado ejecuta comandos especiales muchas veces. Un atacante podría aprovecharse de esto para provocar una fuga de memoria, lo que podría conducir a excepciones del sistema. • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei USG9500 con software V200R001C01SPC800 y versiones anteriores, V300R001C00; USG2100 con software V300R001C00SPC900 y versiones anteriores; USG2200 con software V300R001C00SPC900; USG5100 con software V300R001C00SPC900 podrían permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web. • http://www.huawei.com/en/psirt/security-advisories/hw-372186 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. Huawei FusionManager con software V100R002C03 y V100R003C00 podrían permitir a un atacante remoto no autenticado, llevar a cabo un ataque de CSRF contra el usuario de la interfaz web. • http://www.huawei.com/en/psirt/security-advisories/hw-372186 • CWE-352: Cross-Site Request Forgery (CSRF) •