Details of VAR-202101-0288

ID

VAR-202101-0288

CVE

CVE-2020-1866

TITLE

plural Huawei Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-015376

DESCRIPTION

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00. plural Huawei The product contains an out-of-bounds read vulnerability.Denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-1866 // JVNDB: JVNDB-2020-015376

AFFECTED PRODUCTS

vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s9700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc200	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	s7700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	s12700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	s5700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30spc300	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60spc500	Trust: 1.0
vendor:	huawei	model:	s6700	scope:	eq	version:	v200r008c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30spc600	Trust: 1.0
vendor:	huawei	model:	s2700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s5700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s9700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s6700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s12700	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	s7700	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015376 // NVD: CVE-2020-1866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1866
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-1866
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2020-1866
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-1866
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-1866
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-015376 // NVD: CVE-2020-1866

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015376 // NVD: CVE-2020-1866

PATCH

title:

huawei-sa-20200122-09-eudemon

url:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en

Trust: 0.8

sources: JVNDB: JVNDB-2020-015376

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1866	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-015376	Trust: 0.8

sources: JVNDB: JVNDB-2020-015376 // NVD: CVE-2020-1866

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1866	Trust: 0.8

sources: JVNDB: JVNDB-2020-015376 // NVD: CVE-2020-1866

SOURCES

db:	JVNDB	id:	JVNDB-2020-015376
db:	NVD	id:	CVE-2020-1866

LAST UPDATE DATE

2024-11-23T22:11:09.481000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-015376	date:	2021-09-17T07:58:00
db:	NVD	id:	CVE-2020-1866	date:	2024-11-21T05:11:30.670

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-015376	date:	2021-09-17T00:00:00
db:	NVD	id:	CVE-2020-1866	date:	2021-01-13T23:15:13.367