6.5

CVE-2020-9101

EPSS 0.04%
Published 18.07.2020 01:16:35
Last modified 21.11.2024 05:40:01
Source psirt@huawei.com
Teams watchlist Login
Open Login

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Ips Module Firmware Versionv500r005c00

Huawei ≫ Ips Module Version-

Huawei ≫ Ips Module Firmware Versionv500r005c10

Huawei ≫ Ips Module Version-

Huawei ≫ Ngfw Module Firmware Versionv500r005c00

Huawei ≫ Ngfw Module Version-

Huawei ≫ Ngfw Module Firmware Versionv500r005c10

Huawei ≫ Ngfw Module Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r005c10

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r005c10

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r005c00

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r005c10

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Usg9500 Firmware Versionv500r001c30

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r001c60

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r005c00

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r005c10

Huawei ≫ Usg9500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.076

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-outofboundswrite-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-9101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9101

EUVD