CVE-2019-5248

Vulnerability

The vulnerability exists in the Huawei CloudEngine 12800 series switches running firmware versions V200R001C00SPC600, V200R001C00SPC700, V200R002C01, V200R002C50SPC800, and V200R002C50SPC800PWE [1]. The device fails to properly handle a large number of specially crafted packets from a neighboring device, leading to a memory leak that degrades device stability until denial of service occurs.

Exploitation

An attacker must be on a directly connected neighboring network segment to send the crafted packets to the target device [1]. No authentication is required, and the attack involves sending a high volume of specific packets to the affected switch. The memory leak accumulates as the device processes each malicious packet, eventually exhausting available memory and forcing a system crash or hang.

Impact

Successful exploitation causes a denial of service (DoS) condition on the target CloudEngine 12800 switch [1]. The device becomes unresponsive, disrupting network services and connectivity for all systems relying on that switch. The impact is limited to availability; there is no evidence of information disclosure or privilege escalation from this vulnerability.

Mitigation

Huawei has released software updates to address this vulnerability [1]. The fixed version is V200R005C10SPC800, released before the advisory date of December 4, 2019 [1]. Users must upgrade to V200R005C10SPC800 or later. There are no known workarounds, and the product is not listed on the CISA KEV catalog. Vulnerable versions that are no longer supported should be upgraded immediately.