Sign-up

ID

VAR-202002-0580


CVE

CVE-2020-1815


TITLE

plural Huawei Vulnerability in lack of release of resources after valid lifetime in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-002094

DESCRIPTION

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust. plural Huawei The product is vulnerable to a lack of resource release after a valid lifetime.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1815 // JVNDB: JVNDB-2020-002094

AFFECTED PRODUCTS

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60spc500

Trust: 2.4

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc200

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60spc500

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 2.4

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:usg9500scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:secospace usg6600scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-002094 // CNNVD: CNNVD-202002-874 // NVD: CVE-2020-1815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1815
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002094
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-874
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1815
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002094
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1815
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002094
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002094 // CNNVD: CNNVD-202002-874 // NVD: CVE-2020-1815

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-772

Trust: 0.8

sources: JVNDB: JVNDB-2020-002094 // NVD: CVE-2020-1815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-874

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-874

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002094

PATCH
title:huawei-sa-20200212-02-firewallurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en
Trust: 0.8
title:Huawei NIP6800 , Secospace USG6600  and USG9500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110233
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002094 // 
            
            
            
            CNNVD: CNNVD-202002-874

EXTERNAL IDS
db:NVDid:CVE-2020-1815
Trust: 2.4
db:JVNDBid:JVNDB-2020-002094
Trust: 0.8
db:CNNVDid:CNNVD-202002-874
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002094 // 
            
            
            
            CNNVD: CNNVD-202002-874 // 
            
            
            
            NVD: CVE-2020-1815

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1815
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1815
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002094 // 
            
            
            
            CNNVD: CNNVD-202002-874 // 
            
            
            
            NVD: CVE-2020-1815

SOURCES
db:JVNDBid:JVNDB-2020-002094
db:CNNVDid:CNNVD-202002-874
db:NVDid:CVE-2020-1815

LAST UPDATE DATE
2024-11-23T22:21:20.475000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002094date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-874date:2020-02-21T00:00:00
db:NVDid:CVE-2020-1815date:2024-11-21T05:11:26.107

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002094date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-874date:2020-02-17T00:00:00
db:NVDid:CVE-2020-1815date:2020-02-18T00:15:11.257