Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20200122-09-EUDEMON
HistoryJan 22, 2020 - 12:00 a.m.

Security Advisory - Out of Bounds Read Vulnerability in Several Products

2020-01-2200:00:00
Huawei Technologies
www.huawei.com
16

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

25.7%

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. (Vulnerability ID: HWPSIRT-2019-12425)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1866.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en

Affected configurations

Vulners
Node
huaweinip6800MatchV500R001C30
OR
huaweinip6800MatchV500R001C60SPC500
OR
huaweinip6800MatchV500R005C00
OR
huaweis12700MatchV200R008C00
OR
huaweis2700MatchV200R008C00
OR
huaweis5700MatchV200R008C00
OR
huaweis6700MatchV200R008C00
OR
huaweis7700MatchV200R008C00
OR
huaweis9700MatchV200R008C00
OR
huaweisecospace_usg6600MatchV500R001C30SPC200
OR
huaweisecospace_usg6600MatchV500R001C30SPC600
OR
huaweisecospace_usg6600MatchV500R001C60SPC500
OR
huaweisecospace_usg6600MatchV500R005C00
OR
huaweiusg9500MatchV500R001C30SPC300
OR
huaweiusg9500MatchV500R001C30SPC600
OR
huaweiusg9500MatchV500R001C60SPC500
OR
huaweiusg9500MatchV500R005C00

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

25.7%

Related for HUAWEI-SA-20200122-09-EUDEMON