Sign-up

ID

VAR-202002-0609


CVE

CVE-2020-1827


TITLE

plural Huawei Improper resource shutdown and release vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-002149

DESCRIPTION

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Huawei NIP6800 , Secospace USG6600 , USG9500 Contains vulnerabilities related to improper shutdown and release of resources.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1827 // JVNDB: JVNDB-2020-002149

AFFECTED PRODUCTS

vendor:huaweimodel:nip6800scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:nip6800scope:eqversion:v500r005c00spc100

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc200

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00spc100

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc200

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30spc600

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60spc500

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00spc100

Trust: 1.8

sources: JVNDB: JVNDB-2020-002149 // NVD: CVE-2020-1827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1827
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002149
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-733
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-1827
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002149
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1827
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002149
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002149 // CNNVD: CNNVD-202002-733 // NVD: CVE-2020-1827

PROBLEMTYPE DATA

problemtype:CWE-404

Trust: 1.8

sources: JVNDB: JVNDB-2020-002149 // NVD: CVE-2020-1827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-733

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-733

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002149

PATCH
title:huawei-sa-20200212-02-ipsecurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-ipsec-en
Trust: 0.8
title:Huawei NIP6800 , Secospace USG6600  and USG9500 IPSec Fixes for module buffer error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=110210
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002149 // 
            
            
            
            CNNVD: CNNVD-202002-733

EXTERNAL IDS
db:NVDid:CVE-2020-1827
Trust: 2.4
db:JVNDBid:JVNDB-2020-002149
Trust: 0.8
db:CNNVDid:CNNVD-202002-733
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002149 // 
            
            
            
            CNNVD: CNNVD-202002-733 // 
            
            
            
            NVD: CVE-2020-1827

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-ipsec-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-1827
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1827
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200212-02-ipsec-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002149 // 
            
            
            
            CNNVD: CNNVD-202002-733 // 
            
            
            
            NVD: CVE-2020-1827

SOURCES
db:JVNDBid:JVNDB-2020-002149
db:CNNVDid:CNNVD-202002-733
db:NVDid:CVE-2020-1827

LAST UPDATE DATE
2024-11-23T23:08:06.177000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002149date:2020-03-05T00:00:00
db:CNNVDid:CNNVD-202002-733date:2023-05-15T00:00:00
db:NVDid:CVE-2020-1827date:2024-11-21T05:11:26.723

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002149date:2020-03-05T00:00:00
db:CNNVDid:CNNVD-202002-733date:2020-02-12T00:00:00
db:NVDid:CVE-2020-1827date:2020-02-17T21:15:12.757