Out of Bounds Read Vulnerabilities in Huawei's COPS Implementation
CVE-2020-1822

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600
Vendor: CVE Published:; 28 December 2024

Summary

Multiple out of bounds read vulnerabilities exist in the implementation of the Common Open Policy Service (COPS) protocol within various Huawei networking products. These vulnerabilities may arise during the processing of incoming data packets in the specific decoding function. Exploitation of these vulnerabilities could lead to unintended behavior, potentially disrupting service operations on the affected devices. These vulnerabilities are associated with several identified issues, indicating a broader concern regarding the secure handling of data packets in network devices.

Affected Version(s)

IPS Module V500R001C30

IPS Module V500R001C60

IPS Module V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024
Vulnerability Reserved
Nov 29, 2019