CVE-2018-7994

HIGH

Huawei IPS/NIP/USG - Memory Corruption

Title source: llm

Description

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (8)

huawei/ips_module

huawei/ngfw_module

huawei/nip6300

huawei/nip6600

huawei/nip6800

huawei/secospace_usg6600

huawei/usg9500

Timeline

Published Jul 31, 2018

Tracked Since Feb 18, 2026