Details of VAR-202103-0463

ID

VAR-202103-0463

CVE

CVE-2020-9213

TITLE

plural Huawei Product vulnerabilities in handling exceptional conditions

Trust: 0.8

sources: JVNDB: JVNDB-2021-004608

DESCRIPTION

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. plural Huawei The product contains a vulnerability in handling exceptional conditions.Denial of service (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-9213 // JVNDB: JVNDB-2021-004608 // VULMON: CVE-2020-9213

AFFECTED PRODUCTS

vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6800	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	ngfw module	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004608 // NVD: CVE-2020-9213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9213
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-9213
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-1035
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-9213
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9213
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-9213
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9213
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-9213 // JVNDB: JVNDB-2021-004608 // CNNVD: CNNVD-202102-1035 // NVD: CVE-2020-9213

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004608 // NVD: CVE-2020-9213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1035

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1035

PATCH

title:	huawei-sa-20210210-02-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en	Trust: 0.8
title:	Various Huawei product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142338	Trust: 0.6

sources: JVNDB: JVNDB-2021-004608 // CNNVD: CNNVD-202102-1035

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9213	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-004608	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-1035	Trust: 0.6
db:	VULMON	id:	CVE-2020-9213	Trust: 0.1

sources: VULMON: CVE-2020-9213 // JVNDB: JVNDB-2021-004608 // CNNVD: CNNVD-202102-1035 // NVD: CVE-2020-9213

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9213	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210210-02-dos-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196610	Trust: 0.1

sources: VULMON: CVE-2020-9213 // JVNDB: JVNDB-2021-004608 // CNNVD: CNNVD-202102-1035 // NVD: CVE-2020-9213

SOURCES

db:	VULMON	id:	CVE-2020-9213
db:	JVNDB	id:	JVNDB-2021-004608
db:	CNNVD	id:	CNNVD-202102-1035
db:	NVD	id:	CVE-2020-9213

LAST UPDATE DATE

2024-11-23T22:20:51.550000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-9213	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004608	date:	2021-11-25T06:44:00
db:	CNNVD	id:	CNNVD-202102-1035	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2020-9213	date:	2024-11-21T05:40:10.703

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-9213	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-004608	date:	2021-11-25T00:00:00
db:	CNNVD	id:	CNNVD-202102-1035	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2020-9213	date:	2021-03-22T18:15:14.370