Huawei eSpace U1981 Messages Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Huawei AP2000, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, S5700, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace AntiDDoS8000, Secospace USG6300, Secospace USG6500, Secospace USG6600, USG6000V and eSpace U1981. Affected by this issue is an unknown part. The manipulation as part of a Messages leads to a memory corruption vulnerability (Out-of-Bounds). Using CWE to declare the problem leads to CWE-119. Impacted is confidentiality, integrity, and availability.

The weakness was released 12/13/2019. This vulnerability is handled as CVE-2019-5255 since 01/04/2019. The attack may be launched remotely. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 12/14/2019).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entry connected to this vulnerability is available at 147205.

Vendor

Name

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.3

VulDB Base Score: 6.3
VulDB Temp Score: 6.3
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Memory corruption / Out-of-Bounds (CWE-119)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known

0-Day Time: 🔒

01/04/2019 CVE assigned
12/13/2019 +343 days Advisory disclosed
12/14/2019 +1 days VulDB entry created
12/14/2019 +0 days VulDB last updateVendor: huawei.com
CVE: CVE-2019-5255 (🔒)
See also: 🔒Created: 12/14/2019 06:26 PM
Complete: 🔍

Comments are closed.