CVE-2020-9201

Published Dec 24, 2020

Last updated 4 years ago

CVSS medium 6.5

Overview

Description: There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B3D681F-E141-4BB1-9437-8BFE286CB164"
          },
          {
            "criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C38F1E7A-0347-4E45-A0B6-CB8CE0D8A07E"
          },
          {
            "criteria": "cpe:2.3:o:huawei:nip6800_firmware:v500r005c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6FCA659-5DF8-44EA-91B6-A80FBB68322A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "875441DD-575F-4F4D-A6BD-23C38641D330"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CA7BE1F-853E-4CBA-8A90-BAEA0BCC6A97"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80E521E-1BFB-405E-9F8E-4A0734731FD0"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5226BD96-2B00-469B-AADD-CD0541610BBD"
          },
          {
            "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r005c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "391BFC6B-9AE6-49D7-855A-CB94AD1EE5C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0BF5257-8CD1-4951-9C53-07B85D468F8B"
          },
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc600:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E2CDEF7-F8C8-482E-B43D-DB3F0CE010F8"
          },
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r001c60spc500:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A1EFB9D-5349-4EAF-9880-34F0D20011E4"
          },
          {
            "criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E961C6AA-400A-41CF-A230-FE7182875F1F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References