Lucene search

Huawei TechnologiesHUAWEI-SA-20200415-01-OOB

HistoryApr 15, 2020 - 12:00 a.m.

Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products

2020-04-1500:00:00

Huawei Technologies

www.huawei.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.1%

JSON

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.(Vulnerability ID: HWPSIRT-2018-12050)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9071.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-oob-en

Affected configurations

Vulners

Node

huaweiar120Matchv200r007c00spc900

huaweiar120Matchv200r007c00spca00

huaweiar120Matchv200r007c00spcb00

huaweiar120Matchv200r007c00spcc00

huaweiar1200Matchv200r007c00spc900

huaweiar1200Matchv200r007c00spc900pwe

huaweiar1200Matchv200r007c00spca00

huaweiar1200Matchv200r007c00spcb00

huaweiar1200Matchv200r007c00spcb00pwe

huaweiar1200Matchv200r007c00spcc00

huaweiar1200Matchv200r007c00spc900

huaweiar1200Matchv200r007c00spcb00

huaweiar1200Matchv200r007c00spcc00

huaweiar150Matchv200r007c00spc900

huaweiar150Matchv200r007c00spc900pwe

huaweiar150Matchv200r007c00spcb00

huaweiar150Matchv200r007c00spcb00pwe

huaweiar150Matchv200r007c00spcc00

huaweiar150Matchv200r007c00spc900

huaweiar150Matchv200r007c00spcb00

huaweiar150Matchv200r007c00spcc00

huaweiar160Matchv200r007c00spc900

huaweiar160Matchv200r007c00spc900pwe

huaweiar160Matchv200r007c00spcb00

huaweiar160Matchv200r007c00spcb00pwe

huaweiar160Matchv200r007c00spcc00

huaweiar200Matchv200r007c00spc900

huaweiar200Matchv200r007c00spc900pwe

huaweiar200Matchv200r007c00spcb00

huaweiar200Matchv200r007c00spcb00pwe

huaweiar200Matchv200r007c00spcc00

huaweiar200Matchv200r007c00spc900

huaweiar200Matchv200r007c00spcb00

huaweiar200Matchv200r007c00spcc00

huaweiar2200Matchv200r007c00spc900

huaweiar2200Matchv200r007c00spc900pwe

huaweiar2200Matchv200r007c00spca00

huaweiar2200Matchv200r007c00spcb00

huaweiar2200Matchv200r007c00spcb00pwe

huaweiar2200Matchv200r007c00spcc00

huaweiar2200Matchv200r007c00spc900

huaweiar2200Matchv200r007c00spcb00

huaweiar2200Matchv200r007c00spcc00

huaweiar3200Matchv200r007c00

huaweiar3200Matchv200r007c00spc900

huaweiar3200Matchv200r007c00spc900pwe

huaweiar3200Matchv200r007c00spca00

huaweiar3200Matchv200r007c00spcb00

huaweiar3200Matchv200r007c00spcb00pwe

huaweiar3200Matchv200r007c00spcc00

huaweiar3600Matchv200r007c00spc900

huaweiar3600Matchv200r007c00spc900pwe

huaweiar3600Matchv200r007c00spcb00

huaweiar3600Matchv200r007c00spcb00pwe

huaweiar3600Matchv200r007c00spcc00

huaweiar510Matchv200r007c00spc900

huaweinetengine16exMatchv200r007c00spc900

huaweinetengine16exMatchv200r007c00spcb00

huaweinetengine16exMatchv200r007c00spcc00

huaweisrg1300Matchv200r007c00spc900

huaweisrg1300Matchv200r007c00spcb00

huaweisrg1300Matchv200r007c00spcc00

huaweisrg2300Matchv200r007c00spc900

huaweisrg2300Matchv200r007c00spcb00

huaweisrg2300Matchv200r007c00spcc00

huaweisrg3300Matchv200r007c00spc900

huaweisrg3300Matchv200r007c00spcb00

huaweisrg3300Matchv200r007c00spcc00

CPENameOperatorVersion
ar120-seqV200R007C00SPC900
ar120-seqV200R007C00SPCa00
ar120-seqV200R007C00SPCb00
ar120-seqV200R007C00SPCc00
ar1200eqV200R007C00SPC900
ar1200eqV200R007C00SPC900PWE
ar1200eqV200R007C00SPCa00
ar1200eqV200R007C00SPCb00
ar1200eqV200R007C00SPCb00PWE
ar1200eqV200R007C00SPCc00

Name	Operator	Version
ar120-s	eq	V200R007C00SPC900
ar120-s	eq	V200R007C00SPCa00
ar120-s	eq	V200R007C00SPCb00
ar120-s	eq	V200R007C00SPCc00
ar1200	eq	V200R007C00SPC900
ar1200	eq	V200R007C00SPC900PWE
ar1200	eq	V200R007C00SPCa00
ar1200	eq	V200R007C00SPCb00
ar1200	eq	V200R007C00SPCb00PWE
ar1200	eq	V200R007C00SPCc00

Rows per page:

1-10 of 681

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for HUAWEI-SA-20200415-01-OOB