CVE-2020-9071

6.5MEDIUM

Key Information:

Vendor
Huawei
Status
Ar120-s;ar1200;ar1200-s;ar150;ar150-s;ar160;ar200;ar200-s;ar2200;ar2200-s;ar3200;ar3600;ar510;netengine16ex;srg1300;srg2300;srg3300
Vendor
CVE Published:
1 June 2020

Summary

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

Affected Version(s)

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPCa00,V200R007C00SPCb00,V200R007C00SPCc00

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPC900PWE,V200R007C00SPCa00,V200R007C00SPCb00,V200R007C00SPCb00PWE,V200R007C00SPCc00

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPCb00,V200R007C00SPCc00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.