PT-2020-15105 · Huawei · Secospace Usg9500+3
Published
2020-02-12
·
Updated
2020-02-20
·
CVE-2020-1830
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00
Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00
Description
A memory management error exists when the IPSec Module handles a specific message, causing a 1 byte out-of-bound read. This compromises normal service. Attackers can send a specific message to trigger this issue.
Recommendations
For Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00, update to a version that fixes the memory management error in the IPSec Module.
For Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00, update to a version that fixes the memory management error in the IPSec Module.
As a temporary workaround, consider restricting the handling of specific messages by the IPSec Module to minimize the risk of exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Nip6800
Huawei Vrp
Secospace Usg6600
Secospace Usg9500