Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1814

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.

Published

2020-02-18T02:15:10.703

Last Modified

2024-11-21T05:11:25.960

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-119
    CWE-362
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei nip6800_firmware v500r001c30 Yes
Operating System huawei nip6800_firmware v500r001c60spc500 Yes
Operating System huawei nip6800_firmware v500r005c00 Yes
Hardware huawei nip6800 - No
Operating System huawei secospace_usg6600_firmware v500r001c30spc200 Yes
Operating System huawei secospace_usg6600_firmware v500r001c30spc600 Yes
Operating System huawei secospace_usg6600_firmware v500r001c60spc500 Yes
Operating System huawei secospace_usg6600_firmware v500r005c00 Yes
Hardware huawei secospace_usg6600 - No
Operating System huawei usg9500_firmware v500r001c30spc200 Yes
Operating System huawei usg9500_firmware v500r001c30spc600 Yes
Operating System huawei usg9500_firmware v500r001c60spc500 Yes
Operating System huawei usg9500_firmware v500r005c00 Yes
Hardware huawei usg9500 - No
References