PT-2020-1996 · Huawei · Usg9500+3
Published
2020-02-19
·
Updated
2020-03-04
·
CVE-2020-1873
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
NIP6800 versions V500R001C30 through V500R005C00SPC100
Secospace USG6600 versions V500R001C30 through V500R005C00SPC100
USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100
Description
The issue is related to an out-of-bounds read vulnerability. An unauthenticated attacker can craft a malformed message with a specific parameter and send it to the affected products. Due to insufficient validation of the message, this may be exploited to cause the device to reboot.
Recommendations
For NIP6800 versions V500R001C30 through V500R005C00SPC100, update to a version that includes the fix for this issue.
For Secospace USG6600 versions V500R001C30 through V500R005C00SPC100, update to a version that includes the fix for this issue.
For USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the affected products to minimize the risk of exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Nip6800
Secospace Usg6600
Usg9500