SecuriTricks - CVE-2020-1818

Description

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Product(s) Impacted

Vendor	Product	Versions
Huawei	Ips Module Firmware Ips Module Ngfw Module Firmware Ngfw Module Nip6300 Firmware Nip6300 Nip6600 Firmware Nip6600 Nip6800 Firmware Nip6800 Secospace Usg6300 Firmware Secospace Usg6300 Secospace Usg6500 Firmware Secospace Usg6500 Secospace Usg6600 Firmware Secospace Usg6600 Usg6000v Firmware Usg6000v	v500r001c30, v500r001c60, v500r005c00 - v500r002c00, v500r002c20, v500r005c00 - v500r001c30, v500r001c60, v500r005c00 - v500r001c30, v500r001c60, v500r005c00 - v500r001c60, v500r005c00 - v500r001c30, v500r001c60, v500r005c00 - v500r001c30, v500r001c60, v500r005c00 - v500r001c30, v500r005c00 - v500r003c00 -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	huawei	ips_module_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	ips_module_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	ips_module_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	ips_module	-	/	/	/	/	/	/	/
o	huawei	ngfw_module_firmware	v500r002c00	/	/	/	/	/	/	/
o	huawei	ngfw_module_firmware	v500r002c20	/	/	/	/	/	/	/
o	huawei	ngfw_module_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	ngfw_module	-	/	/	/	/	/	/	/
o	huawei	nip6300_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	nip6300_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	nip6300_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	nip6300	-	/	/	/	/	/	/	/
o	huawei	nip6600_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	nip6600_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	nip6600_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	nip6600	-	/	/	/	/	/	/	/
o	huawei	nip6800_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	nip6800_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	nip6800	-	/	/	/	/	/	/	/
o	huawei	secospace_usg6300_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	secospace_usg6300_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	secospace_usg6300_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	secospace_usg6300	-	/	/	/	/	/	/	/
o	huawei	secospace_usg6500_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	secospace_usg6500_firmware	v500r001c60	/	/	/	/	/	/	/
o	huawei	secospace_usg6500_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	secospace_usg6500	-	/	/	/	/	/	/	/
o	huawei	secospace_usg6600_firmware	v500r001c30	/	/	/	/	/	/	/
o	huawei	secospace_usg6600_firmware	v500r005c00	/	/	/	/	/	/	/
h	huawei	secospace_usg6600	-	/	/	/	/	/	/	/
o	huawei	usg6000v_firmware	v500r003c00	/	/	/	/	/	/	/
h	huawei	usg6000v	-	/	/	/	/	/	/	/

References

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en

CVSS Score

3.7 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

View Vector String

Timeline

Published: Dec. 27, 2024, 10:15 a.m.
Last Modified: Jan. 10, 2025, 8:28 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@huawei.com

CVE-2020-1818