Lucene search

[email protected]CVE-2020-9213

HistoryMar 22, 2021 - 6:15 p.m.

CVE-2020-9213

2021-03-2218:15:14

[email protected]

web.nvd.nist.gov

cve-2020-9213

denial of service

vulnerability

huawei

ngfw module

nip6300

nip6600

nip6800

secospace usg6300

secospace usg6500

secospace usg6600

sg9500

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500.

Affected configurations

NVD

Node

huaweingfw_module_firmwareMatchv500r005c00

AND

huaweingfw_moduleMatch-

Node

huaweinip6300_firmwareMatchv500r001c30

huaweinip6300_firmwareMatchv500r001c60

huaweinip6300_firmwareMatchv500r005c00

AND

huaweinip6300Match-

Node

huaweinip6600_firmwareMatchv500r001c30

huaweinip6600_firmwareMatchv500r001c60

huaweinip6600_firmwareMatchv500r005c00

AND

huaweinip6600Match-

Node

huaweinip6800_firmwareMatchv500r001c60

huaweinip6800_firmwareMatchv500r005c00

AND

huaweinip6800Match-

Node

huaweisecospace_usg6300_firmwareMatchv500r001c30

huaweisecospace_usg6300_firmwareMatchv500r001c60

huaweisecospace_usg6300_firmwareMatchv500r005c00

AND

huaweisecospace_usg6300Match-

Node

huaweisecospace_usg6500_firmwareMatchv500r001c30

huaweisecospace_usg6500_firmwareMatchv500r001c60

huaweisecospace_usg6500_firmwareMatchv500r005c00

AND

huaweisecospace_usg6500Match-

Node

huaweisecospace_usg6600_firmwareMatchv500r001c30

huaweisecospace_usg6600_firmwareMatchv500r001c60

huaweisecospace_usg6600_firmwareMatchv500r005c00

AND

huaweisecospace_usg6600Match-

Node

huaweiusg9500_firmwareMatchv500r001c30

huaweiusg9500_firmwareMatchv500r001c60

huaweiusg9500_firmwareMatchv500r005c00

AND

huaweiusg9500Match-

CPENameOperatorVersion
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00

CPE	Name	Operator	Version
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00

CNA Affected

[
  {
    "product": "NGFW Module;NIP6300;NIP6600;NIP6800;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V500R005C00"
      },
      {
        "status": "affected",
        "version": "V500R001C30,V500R001C60,V500R005C00"
      },
      {
        "status": "affected",
        "version": "V500R001C60,V500R005C00"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20210210-02-dos-en

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for CVE-2020-9213

huawei1 openvas1 nvd1 prion1 cvelist1