CVE-2020-1819
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)
The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Huawei | IPS Module | V500R001C30 | affected |
| Huawei | IPS Module | V500R001C60 | affected |
| Huawei | IPS Module | V500R005C00 | affected |
| Huawei | NGFW Module | V500R002C00 | affected |
| Huawei | NGFW Module | V500R002C20 | affected |
| Huawei | NGFW Module | V500R005C00 | affected |
| Huawei | NIP6300 | V500R001C30 | affected |
| Huawei | NIP6300 | V500R001C60 | affected |
| Huawei | NIP6300 | V500R005C00 | affected |
| Huawei | NIP6600 | V500R001C30 | affected |
| Huawei | NIP6600 | V500R001C60 | affected |
| Huawei | NIP6600 | V500R005C00 | affected |
| Huawei | NIP6800 | V500R001C60 | affected |
| Huawei | NIP6800 | V500R005C00 | affected |
| Huawei | Secospace USG6300 | V500R001C30 | affected |
| Huawei | Secospace USG6300 | V500R001C60 | affected |
| Huawei | Secospace USG6300 | V500R005C00 | affected |
| Huawei | Secospace USG6500 | V500R001C30 | affected |
| Huawei | Secospace USG6500 | V500R001C60 | affected |
| Huawei | Secospace USG6500 | V500R005C00 | affected |
| Huawei | Secospace USG6600 | V500R001C30 | affected |
| Huawei | Secospace USG6600 | V500R005C00 | affected |
| Huawei | USG6000V | V500R003C00 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.