Out of Bounds Read Vulnerabilities in Huawei COPS Implementation
CVE-2020-1823

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600
Vendor: CVE Published:; 28 December 2024

Summary

The vulnerabilities present in the implementation of the Common Open Policy Service (COPS) protocol in specific Huawei products allow for multiple out of bounds (OOB) read conditions. These occur when the decoding function processes incoming data packets, potentially leading to unauthorized access to sensitive information or disruption of service on the affected device. Various Huawei products including routers, switches, and firewalls are affected, highlighting the significance of monitoring and mitigating such security risks to maintain device integrity and operational continuity.

Affected Version(s)

IPS Module V500R001C30

IPS Module V500R001C60

IPS Module V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024
Vulnerability Reserved
Nov 29, 2019