Lucene search

Huawei TechnologiesHUAWEI-SA-20200715-01-OUTOFBOUNDSWRITE

HistoryJul 15, 2020 - 12:00 a.m.

Security Advisory - Out-of-bounds Write Vulnerability in Some Huawei Products

2020-07-1500:00:00

Huawei Technologies

www.huawei.com

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. (Vulnerability ID: HWPSIRT-2020-01201)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9101.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-outofboundswrite-en

Affected configurations

Vulners

Node

huaweiips_moduleMatchv500r005c00

huaweiips_moduleMatchv500r005c10

huaweingfw_moduleMatchv500r005c00

huaweingfw_moduleMatchv500r005c10

huaweisecospace_usg6300Matchv500r001c30

huaweisecospace_usg6300Matchv500r001c60

huaweisecospace_usg6300Matchv500r005c00

huaweisecospace_usg6300Matchv500r005c10

huaweisecospace_usg6500Matchv500r001c30

huaweisecospace_usg6500Matchv500r001c60

huaweisecospace_usg6500Matchv500r005c00

huaweisecospace_usg6500Matchv500r005c10

huaweisecospace_usg6600Matchv500r001c30

huaweisecospace_usg6600Matchv500r001c60

huaweisecospace_usg6600Matchv500r005c00

huaweisecospace_usg6600Matchv500r005c10

huaweiusg9500Matchv500r001c30

huaweiusg9500Matchv500r001c60

huaweiusg9500Matchv500r005c00

huaweiusg9500Matchv500r005c10

CPENameOperatorVersion
ips moduleeqV500R005C00
ips moduleeqV500R005C10
ngfw moduleeqV500R005C00
ngfw moduleeqV500R005C10
secospace usg6300eqV500R001C30
secospace usg6300eqV500R001C60
secospace usg6300eqV500R005C00
secospace usg6300eqV500R005C10
secospace usg6500eqV500R001C30
secospace usg6500eqV500R001C60

Name	Operator	Version
ips module	eq	V500R005C00
ips module	eq	V500R005C10
ngfw module	eq	V500R005C00
ngfw module	eq	V500R005C10
secospace usg6300	eq	V500R001C30
secospace usg6300	eq	V500R001C60
secospace usg6300	eq	V500R005C00
secospace usg6300	eq	V500R005C10
secospace usg6500	eq	V500R001C30
secospace usg6500	eq	V500R001C60

Rows per page:

1-10 of 201

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for HUAWEI-SA-20200715-01-OUTOFBOUNDSWRITE