Sign-up

ID

VAR-202007-1277


CVE

CVE-2020-9101


TITLE

plural Huawei Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-008283

DESCRIPTION

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10. plural Huawei The product contains an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-9101 // JVNDB: JVNDB-2020-008283

AFFECTED PRODUCTS

vendor:huaweimodel:ips modulescope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:ips modulescope:eqversion:v500r005c10

Trust: 1.8

vendor:huaweimodel:ngfw modulescope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:ngfw modulescope:eqversion:v500r005c10

Trust: 1.8

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r001c60

Trust: 1.8

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:secospace usg6300scope:eqversion:v500r005c10

Trust: 1.8

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r001c60

Trust: 1.8

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:secospace usg6500scope:eqversion:v500r005c10

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r001c60

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:secospace usg6600scope:eqversion:v500r005c10

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c30

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r001c60

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r005c00

Trust: 1.8

vendor:huaweimodel:usg9500scope:eqversion:v500r005c10

Trust: 1.8

sources: JVNDB: JVNDB-2020-008283 // NVD: CVE-2020-9101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9101
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008283
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1140
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9101
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008283
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-9101
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008283
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008283 // CNNVD: CNNVD-202007-1140 // NVD: CVE-2020-9101

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-008283 // NVD: CVE-2020-9101

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1140

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1140

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008283

PATCH
title:huawei-sa-20200715-01-outofboundswriteurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-outofboundswrite-en
Trust: 0.8
title:Multiple Huawei Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124204
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008283 // 
            
            
            
            CNNVD: CNNVD-202007-1140

EXTERNAL IDS
db:NVDid:CVE-2020-9101
Trust: 2.4
db:JVNDBid:JVNDB-2020-008283
Trust: 0.8
db:CNNVDid:CNNVD-202007-1140
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008283 // 
            
            
            
            CNNVD: CNNVD-202007-1140 // 
            
            
            
            NVD: CVE-2020-9101

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-outofboundswrite-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-9101
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9101
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200715-01-outofboundswrite-cn
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008283 // 
            
            
            
            CNNVD: CNNVD-202007-1140 // 
            
            
            
            NVD: CVE-2020-9101

SOURCES
db:JVNDBid:JVNDB-2020-008283
db:CNNVDid:CNNVD-202007-1140
db:NVDid:CVE-2020-9101

LAST UPDATE DATE
2024-11-23T21:51:24.637000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-008283date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1140date:2020-07-27T00:00:00
db:NVDid:CVE-2020-9101date:2024-11-21T05:40:01.727

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-008283date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1140date:2020-07-15T00:00:00
db:NVDid:CVE-2020-9101date:2020-07-18T01:16:35.037