CVE-2020-1823

CVSS 3.7 LOWEPSS 0.2%CWE-125

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Huawei · IPS Module Huawei · NGFW Module Huawei · NIP6300 Huawei · NIP6600 Huawei · NIP6800 Huawei · Secospace USG6300 Huawei · Secospace USG6500 Huawei · Secospace USG6600 Huawei · USG6000V

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en