Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1828

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service.

Published

2020-02-17T20:15:11.523

Last Modified

2024-11-21T05:11:26.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
    CWE-125
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei nip6800_firmware v500r001c30 Yes
Operating System huawei nip6800_firmware v500r001c60spc500 Yes
Operating System huawei nip6800_firmware v500r005c00 Yes
Hardware huawei nip6800 - No
Operating System huawei secospace_usg6600_firmware v500r001c30spc200 Yes
Operating System huawei secospace_usg6600_firmware v500r001c30spc600 Yes
Operating System huawei secospace_usg6600_firmware v500r001c60spc500 Yes
Operating System huawei secospace_usg6600_firmware v500r005c00 Yes
Hardware huawei secospace_usg6600 - No
Operating System huawei usg9500_firmware v500r001c30spc200 Yes
Operating System huawei usg9500_firmware v500r001c30spc600 Yes
Operating System huawei usg9500_firmware v500r001c60spc500 Yes
Operating System huawei usg9500_firmware v500r005c00 Yes
Hardware huawei usg9500 - No
References