Out-of-Bounds Read Vulnerability in NIP6800, Secospace USG6600, and USG9500
CVE-2020-9201

6.5MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
24 December 2020

Summary

An out-of-bounds read vulnerability exists in certain versions of the NIP6800, Secospace USG6600, and USG9500 devices. This vulnerability occurs due to the software's improper handling of DHCP messages, particularly when parsing crafted parameters. Exploitation of this flaw can result in the software reading data beyond the buffer's intended limits, potentially leading to abnormal service behavior.

Affected Version(s)

NIP6800;Secospace USG6600;USG9500 V500R001C30,V500R001C60SPC500,V500R005C00

NIP6800;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.