Felix Lindner

**Name of the Vulnerable Software and Affected Versions** Huawei Branch Intelligent Management System (BIMS) (affected versions not specified) Huawei AR routers (affected versions not specified) Huawei S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches (affected versions not specified) **Description** The issue is a stack-based buffer overflow in the HTTP module. This allows remote attackers to execute arbitrary code via a long URI. **Recommendations** For Huawei Branch Intelligent Management System (BIMS), update to a version that fixes the HTTP module issue. For Huawei AR routers, update to a version that fixes the HTTP module issue. For Huawei S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches, update to a version that fixes the HTTP module issue. As a temporary workaround, consider restricting access to the HTTP module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Huawei BIMS and web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches (affected versions not specified) **Description** The issue concerns the HTTP module in the affected systems, which fails to validate the length of HTTP data against the Content-Length field. This oversight allows remote HTTP servers to launch heap-based buffer overflow attacks, potentially leading to the execution of arbitrary code through crafted responses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei BIMS and web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches (affected versions not specified) **Description** The issue concerns the HTTP module in the affected systems, which generates predictable Session ID values. This predictability makes it easier for remote attackers to hijack sessions using a brute-force attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine versions prior to 4.2 **Description** The issue is related to multiple buffer overflows in the securecgi-bin/CSuserCGI.exe component of the User-Changeable Password (UCP) feature. This allows remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument. **Recommendations** For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the securecgi-bin/CSuserCGI.exe component to minimize the risk of exploitation.