Sign-up

ID

VAR-202002-0579


CVE

CVE-2020-1814


TITLE

plural Huawei In the product NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-002088

DESCRIPTION

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal. plural Huawei In the product NULL Pointer dereference vulnerabilityService operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1814 // JVNDB: JVNDB-2020-002088

AFFECTED PRODUCTS

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc200

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 1.8

sources: JVNDB: JVNDB-2020-002088 // NVD: CVE-2020-1814

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1814
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002088
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-739
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1814
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002088
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1814
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002088
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002088 // CNNVD: CNNVD-202002-739 // NVD: CVE-2020-1814

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-476

Trust: 0.8

sources: JVNDB: JVNDB-2020-002088 // NVD: CVE-2020-1814

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-739

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202002-739

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002088

PATCH
title:huawei-sa-20200212-01-firewallurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en
Trust: 0.8
title:Huawei NIP6800 , Secospace USG6600  and USG9500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109995
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002088 // 
            
            
            
            CNNVD: CNNVD-202002-739

EXTERNAL IDS
db:NVDid:CVE-2020-1814
Trust: 2.4
db:JVNDBid:JVNDB-2020-002088
Trust: 0.8
db:CNNVDid:CNNVD-202002-739
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002088 // 
            
            
            
            CNNVD: CNNVD-202002-739 // 
            
            
            
            NVD: CVE-2020-1814

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1814
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1814
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-03-firewall-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002088 // 
            
            
            
            CNNVD: CNNVD-202002-739 // 
            
            
            
            NVD: CVE-2020-1814

SOURCES
db:JVNDBid:JVNDB-2020-002088
db:CNNVDid:CNNVD-202002-739
db:NVDid:CVE-2020-1814

LAST UPDATE DATE
2024-11-23T21:51:40.237000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002088date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-739date:2021-08-16T00:00:00
db:NVDid:CVE-2020-1814date:2024-11-21T05:11:25.960

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002088date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-739date:2020-02-12T00:00:00
db:NVDid:CVE-2020-1814date:2020-02-18T02:15:10.703