Lucene search

Huawei TechnologiesHUAWEI-SA-20200624-01-DOS

HistoryJun 24, 2020 - 12:00 a.m.

Security Advisory - Denial of Service Vulnerability in Several Products

2020-06-2400:00:00

Huawei Technologies

www.huawei.com

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

There is a denial of service vulnerability in several products. The device does not properly handle certain message from base station, the attacker should craft a fake base station to launch the attack, successful exploit could cause a denial of signal service condition. (Vulnerability ID: HWPSIRT-2020-02167)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1837.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200624-01-dos-en

Affected configurations

Vulners

Node

huaweicolumbia-al10b_firmwareRange<10.0.0.178

huaweicolumbia-l29d_firmwareRange<10.0.0.177

huaweibond-tl10c_firmwareRange<10.0.0.178

huaweicornell-al00a_firmwareRange<9.1.0.346

huaweiflorida-l21_firmwareRange<9.1.0.136

huaweidura-tl00a_firmwareRange<9.1.0.136

huaweip20_pro_firmwareRange<10.0.0.172

huaweinova_3_firmwareRange<9.1.0.351

huaweinova_4_firmwareRange<10.0.0.160

huaweilelandp-l22d_firmwareRange<9.1.0.139

huaweitag-al00_firmwareRange<10.0.0.170

VendorProductVersionCPE
huaweicolumbia-al10b_firmware*cpe:2.3:o:huawei:columbia-al10b_firmware:*:*:*:*:*:*:*:*
huaweicolumbia-l29d_firmware*cpe:2.3:o:huawei:columbia-l29d_firmware:*:*:*:*:*:*:*:*
huaweibond-tl10c_firmware*cpe:2.3:o:huawei:bond-tl10c_firmware:*:*:*:*:*:*:*:*
huaweicornell-al00a_firmware*cpe:2.3:o:huawei:cornell-al00a_firmware:*:*:*:*:*:*:*:*
huaweiflorida-l21_firmware*cpe:2.3:o:huawei:florida-l21_firmware:*:*:*:*:*:*:*:*
huaweidura-tl00a_firmware*cpe:2.3:o:huawei:dura-tl00a_firmware:*:*:*:*:*:*:*:*
huaweip20_pro_firmware*cpe:2.3:o:huawei:p20_pro_firmware:*:*:*:*:*:*:*:*
huaweinova_3_firmware*cpe:2.3:o:huawei:nova_3_firmware:*:*:*:*:*:*:*:*
huaweinova_4_firmware*cpe:2.3:o:huawei:nova_4_firmware:*:*:*:*:*:*:*:*
huaweilelandp-l22d_firmware*cpe:2.3:o:huawei:lelandp-l22d_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	columbia-al10b_firmware	*	cpe:2.3:o:huawei:columbia-al10b_firmware::::::::
huawei	columbia-l29d_firmware	*	cpe:2.3:o:huawei:columbia-l29d_firmware::::::::
huawei	bond-tl10c_firmware	*	cpe:2.3:o:huawei:bond-tl10c_firmware::::::::
huawei	cornell-al00a_firmware	*	cpe:2.3:o:huawei:cornell-al00a_firmware::::::::
huawei	florida-l21_firmware	*	cpe:2.3:o:huawei:florida-l21_firmware::::::::
huawei	dura-tl00a_firmware	*	cpe:2.3:o:huawei:dura-tl00a_firmware::::::::
huawei	p20_pro_firmware	*	cpe:2.3:o:huawei:p20_pro_firmware::::::::
huawei	nova_3_firmware	*	cpe:2.3:o:huawei:nova_3_firmware::::::::
huawei	nova_4_firmware	*	cpe:2.3:o:huawei:nova_4_firmware::::::::
huawei	lelandp-l22d_firmware	*	cpe:2.3:o:huawei:lelandp-l22d_firmware::::::::

Rows per page:

1-10 of 111

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

Related for HUAWEI-SA-20200624-01-DOS