Out-of-Bounds Read Vulnerabilities in Huawei Common Open Policy Service
CVE-2020-1818

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600
Vendor: CVE Published:; 27 December 2024

Summary

Multiple out-of-bounds read vulnerabilities exist in the implementation of the Common Open Policy Service (COPS) protocol found in various Huawei products. When processing incoming data packets, the specific decoding function may allow for out-of-bounds reads, leading to potential service disruptions on affected devices. Successful exploitation of these vulnerabilities can result in serious operational issues, making it crucial for users of the impacted Huawei network devices to apply appropriate security measures promptly. Huawei has designated several identification numbers for these vulnerabilities, which highlights the urgency of the situation.

Affected Version(s)

IPS Module V500R001C30

IPS Module V500R001C60

IPS Module V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Nov 29, 2019