PT-2018-18364 · Huawei · Huawei USG9500 +7

Published: 2018-07-04 · Updated: 2019-10-03 · CVE-2018-7994

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
Huawei IPS Module versions V500R001C50
Huawei NGFW Module versions V500R001C50; V500R002C10
Huawei NIP6300 versions V500R001C50
Huawei NIP6600 versions V500R001C50
Huawei NIP6800 versions V500R001C50
Huawei Secospace USG6600 versions V500R001C50
Huawei USG9500 versions V500R001C50

Description: The software does not release allocated memory properly when processing Portal questionnaires. A remote attacker could send a large number of questionnaires to the device, and a successful exploit could cause the device to reboot because it runs out of memory.

Recommendations: For Huawei IPS Module, NIP6300, NIP6600, NIP6800, Secospace USG6600 and USG9500 version V500R001C50, and for Huawei NGFW Module versions V500R001C50 and V500R002C10, update the software to a version that properly releases allocated memory when processing questionnaires. As a temporary workaround, consider restricting the number of questionnaires that can be sent to the device to minimize the risk of exploitation.

Fix

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

CVE-2018-7994

Affected Products

Huawei IPS Module
Huawei NGFW Module
Huawei NIP6300
Huawei NIP6600
Huawei NIP6800
Huawei Secospace USG6600
Huawei USG9500
Huawei VRP