Lucene search

[email protected]CVE-2020-9098

HistoryApr 30, 2020 - 10:15 p.m.

CVE-2020-9098

2020-04-3022:15:00

CWE-763

[email protected]

web.nvd.nist.gov

huawei

oceanstor 5310

v500r007c60spc100

invalid pointer access

vulnerability

nvd

cve-2020-9098

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

45.4%

JSON

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot.

CPENameOperatorVersion
huawei:oceanstor_5310_firmwarehuawei oceanstor 5310 firmwareeqv500r007c60spc100

CPE	Name	Operator	Version
huawei:oceanstor_5310_firmware	huawei oceanstor 5310 firmware	eq	v500r007c60spc100

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200429-01-invalidpointer-en

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

45.4%

JSON

Related for CVE-2020-9098

cvelist1 prion1 huawei1