Out-of-Bounds Read Vulnerability in Huawei Network Products
CVE-2020-1866

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Nip6800;s12700;s2700;s5700;s6700;s7700;s9700;secospace Usg6600;usg9500
Vendor: CVE Published:; 13 January 2021

Summary

An out-of-bounds read vulnerability exists in several Huawei network products. This issue arises when the software processes crafted DHCP messages, leading to reading past the end of the designated buffer. Exploiting this vulnerability may result in abnormal service behavior. Affected products encompass a range of Huawei's networking equipment, making timely updates crucial to mitigate potential risks.

Affected Version(s)

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V500R001C30,V500R001C60SPC500,V500R005C00

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V200R008C00

NIP6800;S12700;S2700;S5700;S6700;S7700;S9700;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2021
Vulnerability Reserved
Nov 29, 2019