CVE-2020-9124

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:::::::*

cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:::::::*
	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:::::::*

cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:::::::*
	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:::::::*

cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:::::::*
	cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:::::::*
	cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:::::::*

cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en - Vendor Advisory~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en - Vendor Advisory

Information

Published : 2020-12-29 18:15

Updated : 2024-11-21 05:40

NVD link : CVE-2020-9124

Mitre link : CVE-2020-9124

CVE.ORG link : CVE-2020-9124

JSON object : View

Products Affected

huawei

cloudengine_5800
cloudengine_5800_firmware
cloudengine_6800_firmware
cloudengine_12800
cloudengine_6800
cloudengine_7800_firmware
cloudengine_7800
cloudengine_12800_firmware

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2020-9124", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-12-29T18:15:13.230", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de p\u00e9rdida de memoria en algunas versiones del producto Huawei CloudEngine. Un atacante remoto no autenticado puede explotar esta vulnerabilidad mediante el env\u00edo de un mensaje espec\u00edfico al producto afectado. Debido a que no se libera la memoria asignada apropiadamente, una explotaci\u00f3n con \u00e9xito puede causar p\u00e9rdida de memoria"}], "lastModified": "2024-11-21T05:40:05.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9"}, {"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-9124

7.5^/10

5.0^/10

Attach tags to `CVE-2020-9124`