5.3

CVE-2020-1821

EPSS 0.08%
Published 28.12.2024 07:15:17
Last modified 13.01.2025 18:40:31
Source psirt@huawei.com
Teams watchlist Login
Open Login

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)

The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Ips Module Firmware Versionv500r001c30

Huawei ≫ Ips Module Version-

Huawei ≫ Ips Module Firmware Versionv500r001c60

Huawei ≫ Ips Module Version-

Huawei ≫ Ips Module Firmware Versionv500r005c00

Huawei ≫ Ips Module Version-

Huawei ≫ Ngfw Module Firmware Versionv500r002c00

Huawei ≫ Ngfw Module Version-

Huawei ≫ Ngfw Module Firmware Versionv500r002c20

Huawei ≫ Ngfw Module Version-

Huawei ≫ Ngfw Module Firmware Versionv500r005c00

Huawei ≫ Ngfw Module Version-

Huawei ≫ Nip6300 Firmware Versionv500r001c30

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6300 Firmware Versionv500r001c60

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6300 Firmware Versionv500r005c00

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6600 Firmware Versionv500r001c30

Huawei ≫ Nip6600 Version-

Huawei ≫ Nip6600 Firmware Versionv500r001c60

Huawei ≫ Nip6600 Version-

Huawei ≫ Nip6600 Firmware Versionv500r005c00

Huawei ≫ Nip6600 Version-

Huawei ≫ Nip6800 Firmware Versionv500r001c60

Huawei ≫ Nip6800 Version-

Huawei ≫ Nip6800 Firmware Versionv500r005c00

Huawei ≫ Nip6800 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Usg6000v Firmware Versionv500r003c00

Huawei ≫ Usg6000v Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.234

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
psirt@huawei.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1821

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1821

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1821

EUVD