Lucene search

K
cve[email protected]CVE-2020-1830
HistoryFeb 18, 2020 - 12:15 a.m.

CVE-2020-1830

2020-02-1800:15:11
CWE-125
web.nvd.nist.gov
61
cve-2020-1830
huawei
nip6800
secospace
usg6600
usg9500
ipsec
memory management
vulnerability
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a vulnerability that a memory management error exists when IPSec Module handing a specific message. This causes 1 byte out-of-bound read, compromising normal service.

Affected configurations

NVD
Node
huaweinip6800_firmwareMatchv500r001c30
OR
huaweinip6800_firmwareMatchv500r001c60spc500
OR
huaweinip6800_firmwareMatchv500r005c00
AND
huaweinip6800Match-
Node
huaweisecospace_usg6600_firmwareMatchv500r001c30spc200
OR
huaweisecospace_usg6600_firmwareMatchv500r001c30spc600
OR
huaweisecospace_usg6600_firmwareMatchv500r001c60spc500
OR
huaweisecospace_usg6600_firmwareMatchv500r005c00
AND
huaweisecospace_usg6600Match-
Node
huaweiusg9500_firmwareMatchv500r001c30spc200
OR
huaweiusg9500_firmwareMatchv500r001c30spc600
OR
huaweiusg9500_firmwareMatchv500r001c60spc500
OR
huaweiusg9500_firmwareMatchv500r005c00
AND
huaweiusg9500Match-

CNA Affected

[
  {
    "product": "NIP6800",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30"
      },
      {
        "status": "affected",
        "version": "V500R001C60SPC500"
      },
      {
        "status": "affected",
        "version": "V500R005C00"
      }
    ]
  },
  {
    "product": "Secospace USG6600, USG9500",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "V500R001C30SPC200"
      },
      {
        "status": "affected",
        "version": "V500R001C30SPC600"
      },
      {
        "status": "affected",
        "version": "V500R001C60SPC500"
      },
      {
        "status": "affected",
        "version": "V500R005C00"
      }
    ]
  }
]

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

Related for CVE-2020-1830