CVE-2020-1814

EPSS 0.19%
Veröffentlicht 18.02.2020 02:15:10
Zuletzt bearbeitet 21.11.2024 05:11:25
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Nip6800 Firmware Versionv500r001c30

Huawei ≫ Nip6800 Version-

Huawei ≫ Nip6800 Firmware Versionv500r001c60spc500

Huawei ≫ Nip6800 Version-

Huawei ≫ Nip6800 Firmware Versionv500r005c00

Huawei ≫ Nip6800 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30spc200

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30spc600

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c60spc500

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Usg9500 Firmware Versionv500r001c30spc200

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r001c30spc600

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r001c60spc500

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r005c00

Huawei ≫ Usg9500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-01-firewall-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1814

EUVD