ID

VAR-202002-0581


CVE

CVE-2020-1816


TITLE

plural Huawei Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002095

DESCRIPTION

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal. plural Huawei The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1816 // JVNDB: JVNDB-2020-002095

AFFECTED PRODUCTS

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 2.4

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60spc500

Trust: 2.4

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc200

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc600

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60spc500

Trust: 2.4

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 2.4

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion: -

Trust: 0.6

vendor:huaweimodel:usg9500scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-002095 // CNNVD: CNNVD-202002-873 // NVD: CVE-2020-1816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1816
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002095
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-873
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1816
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002095
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1816
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002095
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002095 // CNNVD: CNNVD-202002-873 // NVD: CVE-2020-1816

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-002095 // NVD: CVE-2020-1816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-873

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002095

PATCH

title:huawei-sa-20200212-03-firewallurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en

Trust: 0.8

title:Huawei NIP6800 , Secospace USG6600 and USG9500 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110232

Trust: 0.6

sources: JVNDB: JVNDB-2020-002095 // CNNVD: CNNVD-202002-873

EXTERNAL IDS

db:NVDid:CVE-2020-1816

Trust: 2.4

db:JVNDBid:JVNDB-2020-002095

Trust: 0.8

db:CNNVDid:CNNVD-202002-873

Trust: 0.6

sources: JVNDB: JVNDB-2020-002095 // CNNVD: CNNVD-202002-873 // NVD: CVE-2020-1816

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-03-firewall-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1816

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1816

Trust: 0.8

sources: JVNDB: JVNDB-2020-002095 // CNNVD: CNNVD-202002-873 // NVD: CVE-2020-1816

SOURCES

db:JVNDBid:JVNDB-2020-002095
db:CNNVDid:CNNVD-202002-873
db:NVDid:CVE-2020-1816

LAST UPDATE DATE

2024-11-23T21:51:40.215000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-002095date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-873date:2020-02-21T00:00:00
db:NVDid:CVE-2020-1816date:2024-11-21T05:11:26.260

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-002095date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-873date:2020-02-17T00:00:00
db:NVDid:CVE-2020-1816date:2020-02-18T00:15:11.337