CVE-2020-1866

Published: Jan 13, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

Affected (17)

Products: Huawei: Nip6800 Firmware, S12700 Firmware, S2700 Firmware, S5700 Firmware, S6700 Firmware, S7700 Firmware, S9700 Firmware, Secospace Usg6600 Firmware, Usg9500 Firmware

9 products

Secospace Usg6600 Firmware

Usg9500 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Nip6800 Firmware	Version v500r001c30
Huawei Nip6800 Firmware	Version v500r001c60spc500
Huawei Nip6800 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Nip6800	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S12700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S12700	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S2700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S2700	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S5700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S5700	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S6700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S6700	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S7700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S7700	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei S9700 Firmware	Version v200r008c00

Running on/with	Platform Versions
Huawei S9700	All versions

Configuration H

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Secospace Usg6600 Firmware	Version v500r001c30spc200
Huawei Secospace Usg6600 Firmware	Version v500r001c30spc600
Huawei Secospace Usg6600 Firmware	Version v500r001c60spc500
Huawei Secospace Usg6600 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Secospace Usg6600	All versions

Configuration I

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Usg9500 Firmware	Version v500r001c30spc300
Huawei Usg9500 Firmware	Version v500r001c30spc600
Huawei Usg9500 Firmware	Version v500r001c60spc500
Huawei Usg9500 Firmware	Version v500r005c00

Running on/with	Platform Versions
Huawei Usg9500	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.