Details of VAR-202002-0606

ID

VAR-202002-0606

CVE

CVE-2020-1877

TITLE

plural HUAWEI Product vulnerabilities to access to uninitialized pointers

Trust: 0.8

sources: JVNDB: JVNDB-2020-002329

DESCRIPTION

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot. NIP6800 , Secospace USG6600 , USG9500 Exists in an uninitialized pointer access vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1877 // JVNDB: JVNDB-2020-002329

AFFECTED PRODUCTS

vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc600	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00	Trust: 1.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc200	Trust: 1.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc200	Trust: 1.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60spc500	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c30	Trust: 1.6
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60spc500	Trust: 1.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.6
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	eq	version:	-	Trust: 0.6
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2020-002329 // CNNVD: CNNVD-202002-1001 // NVD: CVE-2020-1877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1877
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002329
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202002-1001
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-1877
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002329
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-1877
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002329
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-002329 // CNNVD: CNNVD-202002-1001 // NVD: CVE-2020-1877

PROBLEMTYPE DATA

problemtype:

CWE-824

Trust: 1.8

sources: JVNDB: JVNDB-2020-002329 // NVD: CVE-2020-1877

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1001

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1001

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002329

PATCH

title:	huawei-sa-20200219-05-invalidpointer	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en	Trust: 0.8
title:	Multiple Huawei Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111072	Trust: 0.6

sources: JVNDB: JVNDB-2020-002329 // CNNVD: CNNVD-202002-1001

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1877	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-002329	Trust: 0.8
db:	CNNVD	id:	CNNVD-202002-1001	Trust: 0.6

sources: JVNDB: JVNDB-2020-002329 // CNNVD: CNNVD-202002-1001 // NVD: CVE-2020-1877

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1877	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1877	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-cn	Trust: 0.6

sources: JVNDB: JVNDB-2020-002329 // CNNVD: CNNVD-202002-1001 // NVD: CVE-2020-1877

SOURCES

db:	JVNDB	id:	JVNDB-2020-002329
db:	CNNVD	id:	CNNVD-202002-1001
db:	NVD	id:	CVE-2020-1877

LAST UPDATE DATE

2024-11-23T22:29:46.709000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-002329	date:	2020-03-12T00:00:00
db:	CNNVD	id:	CNNVD-202002-1001	date:	2020-03-09T00:00:00
db:	NVD	id:	CVE-2020-1877	date:	2024-11-21T05:11:31.740

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-002329	date:	2020-03-12T00:00:00
db:	CNNVD	id:	CNNVD-202002-1001	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2020-1877	date:	2020-02-28T19:15:12.107