Details of VAR-202002-0605

ID

VAR-202002-0605

CVE

CVE-2020-1876

TITLE

plural Huawei Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-002391

DESCRIPTION

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. NIP6800 , Secospace USG6600 , USG9500 Is vulnerable to out-of-bounds writes.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1876 // JVNDB: JVNDB-2020-002391

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc600	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00	Trust: 1.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc600	Trust: 1.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 1.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60spc500	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c30	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60spc500	Trust: 1.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2020-002391 // CNNVD: CNNVD-202002-998 // NVD: CVE-2020-1876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1876
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002391
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202002-998
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-1876
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002391
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-1876
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002391
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-002391 // CNNVD: CNNVD-202002-998 // NVD: CVE-2020-1876

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002391 // NVD: CVE-2020-1876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-998

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-998

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002391

PATCH

title:	huawei-sa-20200219-01-outofwrite	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en	Trust: 0.8
title:	Multiple Huawei Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111204	Trust: 0.6

sources: JVNDB: JVNDB-2020-002391 // CNNVD: CNNVD-202002-998

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1876	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-002391	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-998	Trust: 0.6

sources: JVNDB: JVNDB-2020-002391 // CNNVD: CNNVD-202002-998 // NVD: CVE-2020-1876

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1876	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1876	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-cn	Trust: 0.6

sources: JVNDB: JVNDB-2020-002391 // CNNVD: CNNVD-202002-998 // NVD: CVE-2020-1876

SOURCES

db:	JVNDB	id:	JVNDB-2020-002391
db:	CNNVD	id:	CNNVD-202002-998
db:	NVD	id:	CVE-2020-1876

LAST UPDATE DATE

2024-11-23T21:36:11.803000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-002391	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-998	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2020-1876	date:	2024-11-21T05:11:31.607

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-002391	date:	2020-03-13T00:00:00
db:	CNNVD	id:	CNNVD-202002-998	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2020-1876	date:	2020-02-28T19:15:12.030