Strix
26.1K

CVE-2018-7994

UnknownEPSS 1.32%

Last modified

CVE-2018-7994 is a vulnerability of currently unknown severity. Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. EPSS estimates a 1.32% chance of exploitation in the next 30 days.

Description

Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.

Metrics

EPSS Probability
1.32%

67.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HuaweiIps Modulev500r001c50
HuaweiNgfw Modulev500r001c50
HuaweiNgfw Modulev500r002c10
HuaweiNip6300v500r001c50
HuaweiNip6600v500r001c50
HuaweiNip6800v500r001c50
HuaweiSecospace Usg6600v500r001c50
HuaweiUsg9500v500r001c50

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-7994?
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.
How severe is CVE-2018-7994?
Severity scoring for CVE-2018-7994 is pending analysis. The EPSS model estimates a 1.32% probability of exploitation in the next 30 days.
How do I fix CVE-2018-7994?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7994?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST