CVE-2018-7920

EPSS 0.28%
Veröffentlicht 19.04.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 04:12:57
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Ar1200 Firmware Versionv200r006c10spc300

Huawei ≫ Ar1200 Version-

Huawei ≫ Ar160 Firmware Versionv200r006c10spc300

Huawei ≫ Ar160 Version-

Huawei ≫ Ar200 Firmware Versionv200r006c10spc300

Huawei ≫ Ar200 Version-

Huawei ≫ Ar2200 Firmware Versionv200r006c10spc300

Huawei ≫ Ar2200 Version-

Huawei ≫ Ar3200 Firmware Versionv200r006c10spc300

Huawei ≫ Ar3200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.481

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-ar-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7920

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7920

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7920

EUVD