ID

VAR-202003-1137


CVE

CVE-2020-1863


TITLE

Out-of-bounds read vulnerability in Huawei USG6000V

Trust: 0.8

sources: JVNDB: JVNDB-2020-002965

DESCRIPTION

Huawei USG6000V versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. An out-of-bounds read vulnerability exists in Huawei USG6000V, and the product may be put into a service operation interruption (DoS) state. Huawei USG6000V is a virtual service gateway product based on Network Function Virtualization (NFV) from the Chinese company Huawei. Huawei USG6000V V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have security vulnerabilities. Remote attackers can use this vulnerability to cause service anomalies.

Trust: 2.25

sources: NVD: CVE-2020-1863 // JVNDB: JVNDB-2020-002965 // CNVD: CNVD-2020-21093 // VULMON: CVE-2020-1863

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-21093

AFFECTED PRODUCTS

vendor: huawei
model: usg6000v
scope: eq
version: v500r001c20spc300

Trust: 1.8

vendor: huawei
model: usg6000v
scope: eq
version: v500r003c00spc100

Trust: 1.8

vendor: huawei
model: usg6000v
scope: eq
version: v500r005c00spc100

Trust: 1.8

vendor: huawei
model: usg6000v v500r001c20spc300
scope: -
version: -

Trust: 0.6

vendor: huawei
model: usg6000v v500r003c00spc100
scope: -
version: -

Trust: 0.6

vendor: huawei
model: usg6000v v500r005c00spc100
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2020-21093 // JVNDB: JVNDB-2020-002965 // NVD: CVE-2020-1863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1863
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002965
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-21093
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-642
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1863
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1863
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002965
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-21093
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1863
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002965
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-21093 // VULMON: CVE-2020-1863 // JVNDB: JVNDB-2020-002965 // CNNVD: CNNVD-202003-642 // NVD: CVE-2020-1863

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-002965 // NVD: CVE-2020-1863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-642

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-642

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002965

PATCH

title: huawei-sa-20200311-01-buffer
url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en

Trust: 0.8

title: Patch for Huawei USG6000V out-of-bounds reading vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/212201

Trust: 0.6

title: Huawei USG6000V Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111896

Trust: 0.6

title: Huawei Security Advisories: Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products
url: https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=68c52785dcaa57831f32e97d4ae05d54

Trust: 0.1

sources: CNVD: CNVD-2020-21093 // VULMON: CVE-2020-1863 // JVNDB: JVNDB-2020-002965 // CNNVD: CNNVD-202003-642

EXTERNAL IDS

db: NVD
id: CVE-2020-1863

Trust: 3.1

db: JVNDB
id: JVNDB-2020-002965

Trust: 0.8

db: CNVD
id: CNVD-2020-21093

Trust: 0.6

db: CNNVD
id: CNNVD-202003-642

Trust: 0.6

db: VULMON
id: CVE-2020-1863

Trust: 0.1

sources: CNVD: CNVD-2020-21093 // VULMON: CVE-2020-1863 // JVNDB: JVNDB-2020-002965 // CNNVD: CNNVD-202003-642 // NVD: CVE-2020-1863

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1863

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1863

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200311-01-buffer-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-1863 // JVNDB: JVNDB-2020-002965 // CNNVD: CNNVD-202003-642 // NVD: CVE-2020-1863

SOURCES

db: CNVD, id: CNVD-2020-21093
db: VULMON, id: CVE-2020-1863
db: JVNDB, id: JVNDB-2020-002965
db: CNNVD, id: CNNVD-202003-642
db: NVD, id: CVE-2020-1863

LAST UPDATE DATE

2024-11-23T21:36:02.568000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-21093, date: 2020-04-02T00:00:00
db: VULMON, id: CVE-2020-1863, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2020-002965, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-642, date: 2020-04-01T00:00:00
db: NVD, id: CVE-2020-1863, date: 2024-11-21T05:11:30.310

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-21093, date: 2020-04-02T00:00:00
db: VULMON, id: CVE-2020-1863, date: 2020-03-12T00:00:00
db: JVNDB, id: JVNDB-2020-002965, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-642, date: 2020-03-11T00:00:00
db: NVD, id: CVE-2020-1863, date: 2020-03-12T23:15:12.390