Vulnerability Details : CVE-2018-7994
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.
Products affected by CVE-2018-7994
- cpe:2.3:o:huawei:ips_module:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ngfw_module:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ngfw_module:v500r002c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6300:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6600:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:nip6800:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:secospace_usg6600:v500r001c50:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:usg9500:v500r001c50:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7994
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7994
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-7994
-
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7994
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en
Security Advisory - Memory Leak Vulnerability on Several ProductsVendor Advisory
Jump to