PT-2020-5379 · Huawei · Cloudengine 1800V

Published

2020-12-07

Updated

2020-12-28

CVE-2020-9120

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions CloudEngine 1800V version V100R019C10SPC500

Description The issue is related to a resource management error, allowing remote unauthorized attackers to send specific types of messages to the device. This results in the system being unable to forward the received message normally, potentially leading to a denial of service.

Recommendations For CloudEngine 1800V version V100R019C10SPC500, consider restricting access to the device to prevent remote attackers from sending malicious messages until a patch is available. As a temporary workaround, limiting the types of messages that can be received by the system may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2021-00369

CVE-2020-9120

Affected Products

Cloudengine 1800V

PT-2020-5379 · Huawei · Cloudengine 1800V

CVE-2020-9120

Weakness Enumeration

Related Identifiers

Affected Products

References · 6