CVE-2020-1828
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.
Affected (11)
Products: Huawei: Nip6800 Firmware, Secospace Usg6600 Firmware, Usg9500 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r001c30 |
| Running on/with | Platform Versions |
|---|---|
Huawei Nip6800 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r001c30spc200 |
| Running on/with | Platform Versions |
|---|---|
Huawei Secospace Usg6600 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version v500r001c30spc200 |
| Running on/with | Platform Versions |
|---|---|
Huawei Usg9500 | All versions |
Related CWEs
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.