Lucene search

Huawei TechnologiesHUAWEI-SA-20201230-02-CLOUDENGINE

HistoryDec 30, 2020 - 12:00 a.m.

Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products

2020-12-3000:00:00

Huawei Technologies

www.huawei.com

huawei

cloudengine

vulnerability

out-of-bounds read

pim message

software updates

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

32.2%

JSON

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. (Vulnerability ID: HWPSIRT-2020-29854)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1865.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en

Affected configurations

Vulners

Node

huaweicloudengine_12800_firmwareMatchv200r002c50spc800

huaweicloudengine_12800_firmwareMatchv200r003c00spc810

huaweicloudengine_12800_firmwareMatchv200r005c00spc800

huaweicloudengine_12800_firmwareMatchv200r005c10spc800

huaweicloudengine_12800_firmwareMatchv200r019c00spc800

huaweicloudengine_12800_firmwareMatchv200r019c10spc800

huaweicloudengine_5800_firmwareMatchv200r002c50spc800

huaweicloudengine_5800_firmwareMatchv200r003c00spc810

huaweicloudengine_5800_firmwareMatchv200r005c00spc800

huaweicloudengine_5800_firmwareMatchv200r005c10spc800

huaweicloudengine_5800_firmwareMatchv200r019c00spc800

huaweicloudengine_5800_firmwareMatchv200r019c10spc800

huaweicloudengine_6800_firmwareMatchv200r002c50spc800

huaweicloudengine_6800_firmwareMatchv200r003c00spc810

huaweicloudengine_6800_firmwareMatchv200r005c00spc800

huaweicloudengine_6800_firmwareMatchv200r005c10spc800

huaweicloudengine_6800_firmwareMatchv200r005c20spc800

huaweicloudengine_6800_firmwareMatchv200r019c00spc800

huaweicloudengine_6800_firmwareMatchv200r019c10spc800

huaweicloudengine_7800_firmwareMatchv200r002c50spc800

huaweicloudengine_7800_firmwareMatchv200r003c00spc810

huaweicloudengine_7800_firmwareMatchv200r005c00spc800

huaweicloudengine_7800_firmwareMatchv200r005c10spc800

huaweicloudengine_7800_firmwareMatchv200r019c00spc800

huaweicloudengine_7800_firmwareMatchv200r019c10spc800

VendorProductVersionCPE
huaweicloudengine_12800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c00spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*
huaweicloudengine_12800_firmwarev200r019c10spc800cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r002c50spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r003c00spc810cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c00spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*
huaweicloudengine_5800_firmwarev200r005c10spc800cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	cloudengine_12800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_12800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_12800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c00spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:::::::*
huawei	cloudengine_12800_firmware	v200r019c10spc800	cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:::::::*
huawei	cloudengine_5800_firmware	v200r002c50spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:::::::*
huawei	cloudengine_5800_firmware	v200r003c00spc810	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:::::::*
huawei	cloudengine_5800_firmware	v200r005c00spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:::::::*
huawei	cloudengine_5800_firmware	v200r005c10spc800	cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:::::::*

Rows per page:

1-10 of 251

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

32.2%

JSON

Related for HUAWEI-SA-20201230-02-CLOUDENGINE