Out of Bounds Read Vulnerabilities in Huawei's Common Open Policy Service Protocol
CVE-2020-1824

5.3MEDIUM

Key Information:

Vendor: Huawei
Status: Ips Module; Ngfw Module; Nip6300; Nip6600
Vendor: CVE Published:; 28 December 2024

Summary

Multiple out of bounds read vulnerabilities exist in the Common Open Policy Service (COPS) protocol implemented in certain Huawei products. These vulnerabilities arise during the processing of incoming data packets in the decoding function, where an out-of-bounds read may occur. If successfully exploited, these vulnerabilities could lead to service disruption on the affected devices. This affects a range of products utilizing the COPS protocol, underscoring the need for timely updates and mitigative measures to safeguard against potential security threats.

Affected Version(s)

IPS Module V500R001C30

IPS Module V500R001C60

IPS Module V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024
Vulnerability Reserved
Nov 29, 2019