PT-2020-1997 · Huawei · Secospace Usg9500+3
Published
2020-02-05
·
Updated
2020-02-20
·
CVE-2020-1829
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500
Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500
Description
The issue is related to the IPSec module handling a message improperly, which can lead to double free memory when a specific message is sent by attackers. This may compromise normal service. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500, consider disabling the IPSec module as a temporary workaround until a patch is available.
For Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500, restrict access to the IPSec module to minimize the risk of exploitation.
Fix
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Nip6800
Huawei Vrp
Secospace Usg6600
Secospace Usg9500