CVE-2020-1865

Published Jan 13, 2021

Last updated 4 years ago

CVSS medium 6.5

Overview

Description: There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2A1D568-48C6-4CE4-8CD2-93F79F484448"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32438232-3341-4056-B801-AA8F0F9E8DEC"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32EF3B57-0B07-40C0-943D-2C21EEE4D747"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6A9B879-DBF0-4F31-9BF8-7148BC2FCED5"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2601F8EC-A011-4614-80CA-3A01D80D9B7B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C78467A9-4091-4710-BFB8-A6FB0606BDF5"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB2923DC-9667-46F3-B879-C8C1DAECCC6F"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BA3C214-FBB1-428A-8C0B-DF797296FC0E"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38CAD360-6AD5-4714-91BE-0AAB516EDA79"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7B76265-8C33-43A6-AAA7-7521B95F1C57"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7D33183-3C97-4EA6-90F7-55ED36F710E5"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA5CC84F-27DD-4D5E-8F28-CD7D12EAD2D7"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F5DDE2E-B7B3-4D7A-A3EA-C15F968F1186"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "369FD60C-215C-4172-9CFC-39AD5492BE17"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r005c20spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAC7C877-066F-4FB8-9AB7-D038CE6E5D8D"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "542A16DF-B995-417E-AE19-DFF9CC499D7B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r002c50spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14C55E1D-E4E8-4E8F-8D3E-E3A72C5A45D8"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r003c00spc810:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70D64B7D-AA9B-476B-8389-617799BAC702"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72424532-AB07-47DF-8301-275D6EC2F6D9"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r005c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4196899F-1AB3-429A-B334-3B059DFBCAFD"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c10spc800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "512A374E-09BE-4ACD-9F87-C1752C882778"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References