CVE-2020-1819

Summary

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)

The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Affected Software

VendorProductVersion RangeStatus
HuaweiIPS ModuleV500R001C30affected
HuaweiIPS ModuleV500R001C60affected
HuaweiIPS ModuleV500R005C00affected
HuaweiNGFW ModuleV500R002C00affected
HuaweiNGFW ModuleV500R002C20affected
HuaweiNGFW ModuleV500R005C00affected
HuaweiNIP6300V500R001C30affected
HuaweiNIP6300V500R001C60affected
HuaweiNIP6300V500R005C00affected
HuaweiNIP6600V500R001C30affected
HuaweiNIP6600V500R001C60affected
HuaweiNIP6600V500R005C00affected
HuaweiNIP6800V500R001C60affected
HuaweiNIP6800V500R005C00affected
HuaweiSecospace USG6300V500R001C30affected
HuaweiSecospace USG6300V500R001C60affected
HuaweiSecospace USG6300V500R005C00affected
HuaweiSecospace USG6500V500R001C30affected
HuaweiSecospace USG6500V500R001C60affected
HuaweiSecospace USG6500V500R005C00affected
HuaweiSecospace USG6600V500R001C30affected
HuaweiSecospace USG6600V500R005C00affected
HuaweiUSG6000VV500R003C00affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References