Vulnerability Details : CVE-2019-5248
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.
Vulnerability category: Denial of service
Products affected by CVE-2019-5248
- cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r001c00spc600:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r001c00spc700:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c01:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800pwe:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5248
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C |
6.5
|
6.9
|
NIST | |
7.4
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
2.8
|
4.0
|
NIST |
CWE ids for CVE-2019-5248
-
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5248
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-dos-en
Security Advisory - Denial of Service Vulnerability in some Huawei ProductsVendor Advisory
Jump to