PT-2019-17550 · Huawei · Usg9500+1

Publicado

2019-12-26

Atualizado

2019-12-31

CVE-2019-5275

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions USG9500 versions V500R001C30 through V500R001C60

Description The issue is related to a flaw in the X.509 implementation, which can cause a heap buffer overflow when decoding a certificate. This can be exploited by an attacker using a malicious certificate to perform a denial of service attack on the affected products.

Recommendations For USG9500 versions V500R001C30 through V500R001C60, consider restricting the use of the X.509 implementation until a patch is available. As a temporary workaround, avoid using certificates that may trigger the heap buffer overflow in the affected products.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2019-5275

Produtos afetados

Huawei Vrp

Usg9500

PT-2019-17550 · Huawei · Usg9500+1

CVE-2019-5275

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3