CVE-2020-9124

There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.

Published: Dec 29, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9124
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
huawei / cloudengine_12800_firmware	200r002c50spc800	200r002c50spc800.x
huawei / cloudengine_12800_firmware	200r003c00spc810	200r003c00spc810.x
huawei / cloudengine_12800_firmware	200r005c00spc800	200r005c00spc800.x
huawei / cloudengine_12800_firmware	200r005c10spc800	200r005c10spc800.x
huawei / cloudengine_5800_firmware	200r002c50spc800	200r002c50spc800.x
huawei / cloudengine_5800_firmware	200r003c00spc810	200r003c00spc810.x
huawei / cloudengine_5800_firmware	200r005c00spc800	200r005c00spc800.x
huawei / cloudengine_5800_firmware	200r005c10spc800	200r005c10spc800.x
huawei / cloudengine_6800_firmware	200r002c50spc800	200r002c50spc800.x
huawei / cloudengine_6800_firmware	200r003c00spc810	200r003c00spc810.x
huawei / cloudengine_6800_firmware	200r005c00spc800	200r005c00spc800.x
huawei / cloudengine_6800_firmware	200r005c10spc800	200r005c10spc800.x
huawei / cloudengine_7800_firmware	200r002c50spc800	200r002c50spc800.x
huawei / cloudengine_7800_firmware	200r003c00spc810	200r003c00spc810.x
huawei / cloudengine_7800_firmware	200r005c00spc800	200r005c00spc800.x
huawei / cloudengine_7800_firmware	200r005c10spc800	200r005c10spc800.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en

Vulnerability Database

289,599

CVE-2020-9124