Out-of-Bounds Read Vulnerability in NIP6800, Secospace USG6600, and USG9500
CVE-2020-9201
6.5MEDIUM
Key Information:
- Vendor
- Huawei
- Vendor
- CVE Published:
- 24 December 2020
Summary
An out-of-bounds read vulnerability exists in certain versions of the NIP6800, Secospace USG6600, and USG9500 devices. This vulnerability occurs due to the software's improper handling of DHCP messages, particularly when parsing crafted parameters. Exploitation of this flaw can result in the software reading data beyond the buffer's intended limits, potentially leading to abnormal service behavior.
Affected Version(s)
NIP6800;Secospace USG6600;USG9500 V500R001C30,V500R001C60SPC500,V500R005C00
NIP6800;Secospace USG6600;USG9500 V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved