PT-2020-15133 · Huawei · Usg9500+3
Published
2020-02-19
·
Updated
2020-03-04
·
CVE-2020-1876
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NIP6800 versions V500R001C30 through V500R005C00SPC100
Secospace USG6600 versions V500R001C30 through V500R005C00SPC100
USG9500 versions V500R001C30 through V500R005C00SPC100
Description
The issue is an out-of-bounds write vulnerability. An unauthenticated attacker can craft malformed packets with a specific
parameter and send them to the affected products. Due to insufficient validation of packets, this may be exploited to cause the process to reboot.Recommendations
For NIP6800 versions V500R001C30 through V500R005C00SPC100, update to a version that includes the fix for the out-of-bounds write vulnerability.
For Secospace USG6600 versions V500R001C30 through V500R005C00SPC100, update to a version that includes the fix for the out-of-bounds write vulnerability.
For USG9500 versions V500R001C30 through V500R005C00SPC100, update to a version that includes the fix for the out-of-bounds write vulnerability.
As a temporary workaround, consider restricting access to the affected products to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Nip6800
Secospace Usg6600
Usg9500