Out-of-Bounds Read Vulnerability in Huawei AR120-S Products
CVE-2020-9071

6.5MEDIUM

Key Information:

Vendor
Huawei
Status
Ar120-s;ar1200;ar1200-s;ar150;ar150-s;ar160;ar200;ar200-s;ar2200;ar2200-s;ar3200;ar3600;ar510;netengine16ex;srg1300;srg2300;srg3300
Vendor
CVE Published:
1 June 2020

Summary

An out-of-bounds read vulnerability exists within specific Huawei AR120-S products. The issue arises when the software processes certain messages, resulting in data being read beyond the intended buffer limit. This flaw can potentially be exploited by an authenticated attacker who sends carefully crafted messages to the affected device. If successfully executed, this exploit may lead to abnormal service behavior under specific conditions.

Affected Version(s)

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPCa00,V200R007C00SPCb00,V200R007C00SPCc00

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPC900PWE,V200R007C00SPCa00,V200R007C00SPCb00,V200R007C00SPCb00PWE,V200R007C00SPCc00

AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 V200R007C00SPC900,V200R007C00SPCb00,V200R007C00SPCc00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.