Sign-up

ID

VAR-202002-0598


CVE

CVE-2020-1873


TITLE

plural Huawei Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-002389

DESCRIPTION

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1873 // JVNDB: JVNDB-2020-002389

AFFECTED PRODUCTS

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00spc100

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.0

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc200

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.0

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00spc100

Trust: 1.0

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60spc500

Trust: 1.0

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 1.0

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00spc100

Trust: 1.0

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60spc500

Trust: 1.0

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc600

Trust: 1.0

vendor:huaweimodel:nip6800scope: - version: -

Trust: 0.8

vendor:huaweimodel:secospace usg6600scope: - version: -

Trust: 0.8

vendor:huaweimodel:usg9500scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-002389 // NVD: CVE-2020-1873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1873
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002389
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-983
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1873
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002389
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1873
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002389
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002389 // CNNVD: CNNVD-202002-983 // NVD: CVE-2020-1873

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-002389 // NVD: CVE-2020-1873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-983

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-983

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002389

PATCH
title:huawei-sa-20200219-01-outofboundreadurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofboundread-en
Trust: 0.8
title:Huawei NIP6800 , Secospace USG6600  and USG9500 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111201
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002389 // 
            
            
            
            CNNVD: CNNVD-202002-983

EXTERNAL IDS
db:NVDid:CVE-2020-1873
Trust: 2.4
db:JVNDBid:JVNDB-2020-002389
Trust: 0.8
db:CNNVDid:CNNVD-202002-983
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002389 // 
            
            
            
            CNNVD: CNNVD-202002-983 // 
            
            
            
            NVD: CVE-2020-1873

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofboundread-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1873
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1873
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-01-outofboundread-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002389 // 
            
            
            
            CNNVD: CNNVD-202002-983 // 
            
            
            
            NVD: CVE-2020-1873

SOURCES
db:JVNDBid:JVNDB-2020-002389
db:CNNVDid:CNNVD-202002-983
db:NVDid:CVE-2020-1873

LAST UPDATE DATE
2024-11-23T23:04:29.099000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002389date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-983date:2020-12-10T00:00:00
db:NVDid:CVE-2020-1873date:2024-11-21T05:11:31.240

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002389date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-983date:2020-02-19T00:00:00
db:NVDid:CVE-2020-1873date:2020-02-28T19:15:11.827