Lucene search

[email protected]CVE-2020-1876

HistoryFeb 28, 2020 - 7:15 p.m.

CVE-2020-1876

2020-02-2819:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-1876

nip6800

secospace usg6600

usg9500

v500r001c30

v500r001c60spc500

v500r005c00spc100

nvd

security vulnerability

packet validation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.3%

JSON

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot.

CPENameOperatorVersion
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r001c30
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r001c60spc500
huawei:nip6800_firmwarehuawei nip6800 firmwareeqv500r005c00
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c30spc600
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r001c60spc500
huawei:secospace_usg6600_firmwarehuawei secospace usg6600 firmwareeqv500r005c00
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r001c30spc200
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r001c30spc600
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r001c60spc500
huawei:usg9500_firmwarehuawei usg9500 firmwareeqv500r005c00

CPE	Name	Operator	Version
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r001c30
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r001c60spc500
huawei:nip6800_firmware	huawei nip6800 firmware	eq	v500r005c00
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c30spc600
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r001c60spc500
huawei:secospace_usg6600_firmware	huawei secospace usg6600 firmware	eq	v500r005c00
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r001c30spc200
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r001c30spc600
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r001c60spc500
huawei:usg9500_firmware	huawei usg9500 firmware	eq	v500r005c00

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for CVE-2020-1876

prion1 huawei1 cvelist1