Out of Bounds Read Vulnerabilities in Huawei Common Open Policy Service Protocol
CVE-2020-1820

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600
Vendor: CVE Published:; 28 December 2024

Summary

Multiple out of bounds read vulnerabilities have been identified within the implementation of the Common Open Policy Service (COPS) protocol in certain Huawei products. These vulnerabilities arise due to improper handling of incoming data packets, which can lead to disruptions in service. When the decoding function processes data, it may read beyond allocated boundaries, creating potential avenues for exploitation. Successful execution of such exploits could result in service interruption on affected devices, impacting network stability and performance. The vulnerabilities are associated with multiple vulnerability IDs, underscoring the need for organizations utilizing these devices to assess their exposure and apply necessary patches as outlined in Huawei's advisory.

Affected Version(s)

IPS Module V500R001C30

IPS Module V500R001C60

IPS Module V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024
Vulnerability Reserved
Nov 29, 2019