CVE-2020-1866

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Nip6800;s12700;s2700;s5700;s6700;s7700;s9700;secospace Usg6600;usg9500
Vendor: CVE Published:; 13 January 2021

Summary

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

Affected Version(s)

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V500R001C30,V500R001C60SPC500,V500R005C00

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V200R008C00

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Nov 29, 2019